7c1cb9ff4b8a23a1f7588adbe31ce8961f539375
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-02-18  Filip Pizlo  <fpizlo@apple.com>

        Attempt to fix Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-18  Sam Weinig  <sam@webkit.org>

        Fix the libc++ build.

        Reviewed by Anders Carlsson.

        * heap/Weak.h:
        Libc++'s nullptr emulation does not allow default construction
        of the nullptr_t type. Work around this with the arguably clearer
        approach of just returning nullptr.

2012-02-18  Filip Pizlo  <fpizlo@apple.com>

        DFGPropagator.cpp has too many things
        https://bugs.webkit.org/show_bug.cgi?id=78956

        Reviewed by Oliver Hunt.

        Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its
        various things and put them into separate files. These new phases follow
        the naming convention "DFG<name>Phase" where <name> is a noun. They are
        called via functions of the form "perform<name>".

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added.
        (DFG):
        (JSC::DFG::performArithNodeFlagsInference):
        * dfg/DFGArithNodeFlagsInferencePhase.h: Added.
        (DFG):
        * dfg/DFGCFAPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performCFA):
        * dfg/DFGCFAPhase.h: Added.
        (DFG):
        * dfg/DFGCSEPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performCSE):
        * dfg/DFGCSEPhase.h: Added.
        (DFG):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGPhase.cpp: Added.
        (DFG):
        (JSC::DFG::Phase::beginPhase):
        (JSC::DFG::Phase::endPhase):
        * dfg/DFGPhase.h: Added.
        (DFG):
        (Phase):
        (JSC::DFG::Phase::Phase):
        (JSC::DFG::Phase::~Phase):
        (JSC::DFG::Phase::globalData):
        (JSC::DFG::Phase::codeBlock):
        (JSC::DFG::Phase::profiledBlock):
        (JSC::DFG::Phase::beginPhase):
        (JSC::DFG::Phase::endPhase):
        (JSC::DFG::runPhase):
        * dfg/DFGPredictionPropagationPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performPredictionPropagation):
        * dfg/DFGPredictionPropagationPhase.h: Added.
        (DFG):
        * dfg/DFGPropagator.cpp: Removed.
        * dfg/DFGPropagator.h: Removed.
        * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performVirtualRegisterAllocation):
        * dfg/DFGVirtualRegisterAllocationPhase.h: Added.
        (DFG):

2012-02-17  Filip Pizlo  <fpizlo@apple.com>

        DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and
        the CodeBlock that was used for profiling
        https://bugs.webkit.org/show_bug.cgi?id=78954

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.h:
        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
        (JSC):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::AbstractState):
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGAbstractState.h:
        * dfg/DFGAssemblyHelpers.h:
        (AssemblyHelpers):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::parse):
        * dfg/DFGByteCodeParser.h:
        (DFG):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::Graph):
        (Graph):
        (JSC::DFG::Graph::getJSConstantPrediction):
        (JSC::DFG::Graph::addShouldSpeculateInteger):
        (JSC::DFG::Graph::isInt32Constant):
        (JSC::DFG::Graph::isDoubleConstant):
        (JSC::DFG::Graph::isNumberConstant):
        (JSC::DFG::Graph::isBooleanConstant):
        (JSC::DFG::Graph::isFunctionConstant):
        (JSC::DFG::Graph::valueOfJSConstant):
        (JSC::DFG::Graph::valueOfInt32Constant):
        (JSC::DFG::Graph::valueOfNumberConstant):
        (JSC::DFG::Graph::valueOfBooleanConstant):
        (JSC::DFG::Graph::valueOfFunctionConstant):
        (JSC::DFG::Graph::baselineCodeBlockFor):
        (JSC::DFG::Graph::valueProfileFor):
        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JITCompiler):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::Propagator):
        (JSC::DFG::Propagator::isNotNegZero):
        (JSC::DFG::Propagator::isNotZero):
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
        (JSC::DFG::Propagator::globalCFA):
        (JSC::DFG::propagate):
        * dfg/DFGPropagator.h:
        (DFG):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        (JSC::DFG::SpeculativeJIT::compileAdd):
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isConstant):
        (JSC::DFG::SpeculativeJIT::isJSConstant):
        (JSC::DFG::SpeculativeJIT::isInt32Constant):
        (JSC::DFG::SpeculativeJIT::isDoubleConstant):
        (JSC::DFG::SpeculativeJIT::isNumberConstant):
        (JSC::DFG::SpeculativeJIT::isBooleanConstant):
        (JSC::DFG::SpeculativeJIT::isFunctionConstant):
        (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
        (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
        (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
        (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
        (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):

2012-02-17  Ahmad Sharif  <asharif.tools@gmail.com>

        There is a warning in memset in glibc that gets triggered through a
        warndecl when the fill-value of memset is a non-zero constant and the
        size is zero. This warning is enabled when building with
        -D_FORTIFY_SOURCE=2. This patch fixes the warning.

        https://bugs.webkit.org/show_bug.cgi?id=78513

        Reviewed by Alexey Proskuryakov.

        * wtf/Vector.h:

2012-02-17  Kalev Lember  <kalevlember@gmail.com>

        Remove unused parameters from WTF threading API
        https://bugs.webkit.org/show_bug.cgi?id=78389

        Reviewed by Adam Roben.

        waitForThreadCompletion() had an out param 'void **result' to get the
        'void *' returned by ThreadFunction. However, the implementation in
        ThreadingWin.cpp ignored the out param, not filling it in. This had
        led to a situation where none of the client code made use of the param
        and just ignored it.

        To clean this up, the patch changes the signature of ThreadFunction to
        return void instead of void* and drops the unused 'void **result'
        parameter from waitForThreadCompletion. Also, all client code is
        updated for the API change.

        As mentioned in https://bugs.webkit.org/show_bug.cgi?id=78389, even
        though the change only affects internal API, Safari is using it
        directly and we'll need to keep the old versions around for ABI
        compatibility. For this, the patch adds compatibility wrappers with
        the old ABI.

        * JavaScriptCore.order:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingThread::threadStartFunc):
        (JSC::SamplingThread::stop):
        * bytecode/SamplingTool.h:
        (SamplingThread):
        * heap/Heap.cpp:
        (JSC::Heap::~Heap):
        (JSC::Heap::blockFreeingThreadStartFunc):
        * heap/Heap.h:
        * heap/MarkStack.cpp:
        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
        (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
        * heap/MarkStack.h:
        (MarkStackThreadSharedData):
        * wtf/ParallelJobsGeneric.cpp:
        (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
        * wtf/ParallelJobsGeneric.h:
        (ThreadPrivate):
        * wtf/ThreadFunctionInvocation.h: Update the signature of
        ThreadFunction.
        (WTF):
        * wtf/Threading.cpp:
        (WTF::threadEntryPoint): Update for ThreadFunction signature change.
        (WTF):
        (WTF::ThreadFunctionWithReturnValueInvocation::ThreadFunctionWithReturnValueInvocation):
        ABI compatibility function for Safari.
        (ThreadFunctionWithReturnValueInvocation): Ditto.
        (WTF::compatEntryPoint): Ditto.
        (WTF::createThread): Ditto.
        (WTF::waitForThreadCompletion): Ditto.
        * wtf/Threading.h: Update the signature of ThreadFunction and
        waitForThreadCompletion.
        (WTF):
        * wtf/ThreadingPthreads.cpp: Implement the new API.
        (WTF::wtfThreadEntryPoint):
        (WTF):
        (WTF::createThreadInternal):
        (WTF::waitForThreadCompletion):
        * wtf/ThreadingWin.cpp: Implement the new API.
        (WTF::wtfThreadEntryPoint):
        (WTF::waitForThreadCompletion):

2012-02-16  Oliver Hunt  <oliver@apple.com>

        Implement Error.stack
        https://bugs.webkit.org/show_bug.cgi?id=66994

        Reviewed by Gavin Barraclough.

        Implement support for stack traces on exception objects. This is a rewrite
        of the core portion of the last stack walking logic, but the mechanical work
        of adding the information to an exception comes from the original work by
        Juan Carlos Montemayor Elosua.

        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):
        (JSC):
        (JSC::getSourceURLFromCallFrame):
        (JSC::getStackFrameCodeType):
        (JSC::Interpreter::getStackTrace):
        (JSC::Interpreter::throwException):
        (JSC::Interpreter::privateExecute):
        * interpreter/Interpreter.h:
        (JSC):
        (StackFrame):
        (JSC::StackFrame::toString):
        (Interpreter):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionJSCStack):
        * parser/Nodes.h:
        (JSC::FunctionBodyNode::setInferredName):
        * parser/Parser.h:
        (JSC::::parse):
        * runtime/CommonIdentifiers.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/Error.h:
        (JSC):

2012-02-17  Mark Hahnenberg  <mhahnenberg@apple.com>

        Rename Bump* to Copy*
        https://bugs.webkit.org/show_bug.cgi?id=78573

        Reviewed by Geoffrey Garen.

        Renamed anything with "Bump" in the name to have "Copied" instead.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * heap/BumpBlock.h: Removed.
        * heap/BumpSpace.cpp: Removed.
        * heap/BumpSpace.h: Removed.
        * heap/BumpSpaceInlineMethods.h: Removed.
        * heap/ConservativeRoots.cpp:
        (JSC::ConservativeRoots::ConservativeRoots):
        (JSC::ConservativeRoots::genericAddPointer):
        * heap/ConservativeRoots.h:
        (ConservativeRoots):
        * heap/CopiedBlock.h: Added.
        (JSC):
        (CopiedBlock):
        (JSC::CopiedBlock::CopiedBlock):
        * heap/CopiedSpace.cpp: Added.
        (JSC):
        (JSC::CopiedSpace::tryAllocateSlowCase):
        * heap/CopiedSpace.h: Added.
        (JSC):
        (CopiedSpace):
        (JSC::CopiedSpace::isInCopyPhase):
        (JSC::CopiedSpace::totalMemoryAllocated):
        (JSC::CopiedSpace::totalMemoryUtilized):
        * heap/CopiedSpaceInlineMethods.h: Added.
        (JSC):
        (JSC::CopiedSpace::CopiedSpace):
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::contains):
        (JSC::CopiedSpace::pin):
        (JSC::CopiedSpace::startedCopying):
        (JSC::CopiedSpace::doneCopying):
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::recycleBlock):
        (JSC::CopiedSpace::getFreshBlock):
        (JSC::CopiedSpace::borrowBlock):
        (JSC::CopiedSpace::addNewBlock):
        (JSC::CopiedSpace::allocateNewBlock):
        (JSC::CopiedSpace::fitsInBlock):
        (JSC::CopiedSpace::fitsInCurrentBlock):
        (JSC::CopiedSpace::tryAllocate):
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::allocateFromBlock):
        (JSC::CopiedSpace::tryReallocate):
        (JSC::CopiedSpace::tryReallocateOversize):
        (JSC::CopiedSpace::isOversize):
        (JSC::CopiedSpace::isPinned):
        (JSC::CopiedSpace::oversizeBlockFor):
        (JSC::CopiedSpace::blockFor):
        * heap/Heap.cpp:
        * heap/Heap.h:
        (JSC):
        (Heap):
        * heap/MarkStack.cpp:
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::startCopying):
        (JSC::SlotVisitor::allocateNewSpace):
        (JSC::SlotVisitor::doneCopying):
        * heap/MarkStack.h:
        (MarkStackThreadSharedData):
        * heap/SlotVisitor.h:
        (SlotVisitor):
        * runtime/JSArray.cpp:
        * runtime/JSObject.cpp:

2012-02-16  Yuqiang Xian  <yuqiang.xian@intel.com>

        Add JSC code profiling support on Linux x86
        https://bugs.webkit.org/show_bug.cgi?id=78871

        Reviewed by Gavin Barraclough.

        We don't unwind the stack for now as we cannot guarantee all the
        libraries are compiled without -fomit-frame-pointer.

        * tools/CodeProfile.cpp:
        (JSC::CodeProfile::sample):
        * tools/CodeProfiling.cpp:
        (JSC):
        (JSC::profilingTimer):
        (JSC::CodeProfiling::begin):
        (JSC::CodeProfiling::end):

2012-02-16  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed. Rolling out r107980, because it broke 32 bit platforms.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::throwException):
        (JSC::Interpreter::privateExecute):
        * interpreter/Interpreter.h:
        (JSC):
        (Interpreter):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        * parser/Nodes.h:
        (JSC::FunctionBodyNode::setInferredName):
        * parser/Parser.h:
        (JSC::::parse):
        * runtime/CommonIdentifiers.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/Error.h:
        (JSC):

2012-02-16  Filip Pizlo  <fpizlo@apple.com>

        ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER
        https://bugs.webkit.org/show_bug.cgi?id=78791

        Rubber stamped by Oliver Hunt.

        Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to
        COMPUTED_GOTO_CLASSIC_INTERPRETER.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        (JSC):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        * bytecode/Instruction.h:
        (JSC::Instruction::Instruction):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        * interpreter/AbstractPC.cpp:
        (JSC::AbstractPC::AbstractPC):
        * interpreter/AbstractPC.h:
        (AbstractPC):
        * interpreter/CallFrame.h:
        (ExecState):
        * interpreter/Interpreter.cpp:
        (JSC):
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::isOpcode):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveLastCaller):
        * interpreter/Interpreter.h:
        (JSC::Interpreter::getOpcode):
        (JSC::Interpreter::getOpcodeID):
        (Interpreter):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (NativeExecutable):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::getHostFunction):
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):
        * wtf/Platform.h:

2012-02-15  Geoffrey Garen  <ggaren@apple.com>

        Made Weak<T> single-owner, adding PassWeak<T>
        https://bugs.webkit.org/show_bug.cgi?id=78740

        Reviewed by Sam Weinig.

        This works basically the same way as OwnPtr<T> and PassOwnPtr<T>.

        This clarifies the semantics of finalizers: It's ambiguous and probably
        a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor
        twice), so I've made Weak<T> non-copyable. Anywhere we used to copy a
        Weak<T>, we now use PassWeak<T>.

        This also makes Weak<T> HashMaps more efficient.

        * API/JSClassRef.cpp:
        (OpaqueJSClass::prototype): Use PassWeak<T> instead of set(), since
        set() is gone now.

        * JavaScriptCore.xcodeproj/project.pbxproj: Export!

        * heap/PassWeak.h: Added.
        (JSC):
        (PassWeak):
        (JSC::PassWeak::PassWeak):
        (JSC::PassWeak::~PassWeak):
        (JSC::PassWeak::get):
        (JSC::::leakHandle):
        (JSC::adoptWeak):
        (JSC::operator==):
        (JSC::operator!=): This is the Weak<T> version of PassOwnPtr<T>.

        * heap/Weak.h:
        (Weak):
        (JSC::Weak::Weak):
        (JSC::Weak::release):
        (JSC::Weak::hashTableDeletedValue):
        (JSC::=):
        (JSC): Changed to be non-copyable, removing a lot of copying-related
        APIs. Added hash traits so hash maps still work.

        * jit/JITStubs.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::lookupOrCreate): Use PassWeak<T>, as required by
        our new hash map API.

2012-02-16  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix the broken viewport tests
        https://bugs.webkit.org/show_bug.cgi?id=78774

        Reviewed by Kenneth Rohde Christiansen.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/WTFString.cpp:
        (WTF):
        (WTF::toDoubleType): Template-ized to allow other functions to specify whether they
        want to allow trailing junk or not when calling strtod.
        (WTF::charactersToDouble):
        (WTF::charactersToFloat):
        (WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows
        trailing junk.
        * wtf/text/WTFString.h:
        (WTF):

2012-02-16  Oliver Hunt  <oliver@apple.com>

        Implement Error.stack
        https://bugs.webkit.org/show_bug.cgi?id=66994

        Reviewed by Gavin Barraclough.

        Implement support for stack traces on exception objects. This is a rewrite
        of the core portion of the last stack walking logic, but the mechanical work
        of adding the information to an exception comes from the original work by
        Juan Carlos Montemayor Elosua.

        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):
        (JSC):
        (JSC::getSourceURLFromCallFrame):
        (JSC::getStackFrameCodeType):
        (JSC::Interpreter::getStackTrace):
        (JSC::Interpreter::throwException):
        (JSC::Interpreter::privateExecute):
        * interpreter/Interpreter.h:
        (JSC):
        (StackFrame):
        (JSC::StackFrame::toString):
        (Interpreter):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionJSCStack):
        * parser/Nodes.h:
        (JSC::FunctionBodyNode::setInferredName):
        * parser/Parser.h:
        (JSC::::parse):
        * runtime/CommonIdentifiers.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/Error.h:
        (JSC):

2012-02-15  Gavin Barraclough  <barraclough@apple.com>

        Numerous trivial bugs in Object.defineProperty
        https://bugs.webkit.org/show_bug.cgi?id=78777

        Reviewed by Sam Weinig.

        There are a handful of really trivial bugs, related to Object.defineProperty:
            * Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
            * Calling an undefined setter should only throw in strict mode.
            * When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
            * Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
            * Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
            * If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
            * 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
            * Should be able to redefine a non-writable, non-configurable property, with the same value and attributes.
            * Should be able to define a non-configurable accessor.
        These are mostly all one-line changes, e.g. inverted boolean checks, masking against wrong attribute.

        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::put):
            - Added ASSERT.
            - Calling an undefined setter should only throw in strict mode.
        (JSC::JSArray::putDescriptor):
            - Should be able to define a non-configurable accessor.
        (JSC::JSArray::defineOwnNumericProperty):
            - Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
        (JSC::JSArray::putByIndexBeyondVectorLength):
            - If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
        * runtime/JSArray.h:
        (JSArray):
            - made enterDictionaryMode public, called from JSObject.
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
            - Calling an undefined setter should only throw in strict mode.
        (JSC::JSObject::preventExtensions):
            - Put array objects into dictionary mode to handle this!
        (JSC::JSObject::defineOwnProperty):
            - Should be able to redefine a non-writable, non-configurable property, with the same value and attributes.
            - Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorDefineProperties):
            - Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::attributesWithOverride):
            - When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
        (JSC::PropertyDescriptor::attributesOverridingCurrent):
            - When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
        * runtime/Structure.cpp:
        (JSC::Structure::freezeTransition):
            - 'freezeTransition' shouldn't be setting the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
        (JSC::Structure::isFrozen):
            - 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').

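As an added example (not code from the WebKit ChangeLog or from JavaScriptCore itself), the nine Object.defineProperty behaviours listed in the entry above, written as a conformance probe that any ES5-compliant engine should pass; run it with node, and note that the function names are my own and that mode-sensitive checks build their assignments with new Function so the outcome does not depend on whether this file runs in strict mode.

```javascript
// Each check returns true when the engine behaves as the fixed JSC does.

function throwsTypeError(fn) {
  try { fn(); return false; } catch (e) { return e instanceof TypeError; }
}

// 1. Redefining an accessor with different attributes keeps its get/set.
function accessorKeepsGetSet() {
  const o = {};
  const getter = () => 1;
  Object.defineProperty(o, 'x', { get: getter, enumerable: false, configurable: true });
  Object.defineProperty(o, 'x', { enumerable: true });
  const d = Object.getOwnPropertyDescriptor(o, 'x');
  return d.get === getter && d.enumerable === true;
}

// 2. Assigning to an accessor with no setter throws only in strict mode.
function undefinedSetterThrowsOnlyInStrictMode() {
  const o = {};
  Object.defineProperty(o, 'y', { get: () => 1, configurable: true });
  const sloppy = new Function('o', 'o.y = 2; return o.y;');          // silently ignored
  const strict = new Function('o', '"use strict"; o.y = 2;');       // must throw
  return sloppy(o) === 1 && throwsTypeError(() => strict(o));
}

// 3. Accessor -> data descriptor with writable unspecified defaults to false.
function accessorToDataDefaultsNonWritable() {
  const o = {};
  Object.defineProperty(o, 'z', { get: () => 1, configurable: true });
  Object.defineProperty(o, 'z', { value: 5 });
  const d = Object.getOwnPropertyDescriptor(o, 'z');
  return d.value === 5 && d.writable === false;
}

// 4. A non-configurable array element cannot be made configurable again.
function arrayNonConfigurableStaysNonConfigurable() {
  const a = [1];
  Object.defineProperty(a, '0', { configurable: false });
  return throwsTypeError(() => Object.defineProperty(a, '0', { configurable: true }));
}

// 5. Object.defineProperties applies ToObject to its 'Properties' argument
//    instead of throwing on a primitive.
function definePropertiesCoercesPropertiesArgument() {
  const target = {};
  return Object.defineProperties(target, 42) === target;
}

// 6. After preventExtensions, a store beyond an array's length adds nothing.
function nonExtensibleArrayRejectsOutOfBoundsStore() {
  const a = [1, 2];
  Object.preventExtensions(a);
  new Function('a', 'a[5] = 9;')(a);   // sloppy mode: fails silently
  return a.length === 2 && !(5 in a);
}

// 7. isFrozen ignores writability for accessor properties.
function frozenCheckIgnoresAccessorWritability() {
  const o = {};
  Object.defineProperty(o, 'w', { get: () => 1, configurable: false });
  Object.preventExtensions(o);
  return Object.isFrozen(o);
}

// 8. Redefining a non-writable, non-configurable property with identical
//    value and attributes is allowed.
function identicalRedefinitionOfFrozenPropertySucceeds() {
  const o = {};
  const desc = { value: 1, writable: false, enumerable: false, configurable: false };
  Object.defineProperty(o, 'v', desc);
  Object.defineProperty(o, 'v', desc);   // must not throw
  return o.v === 1;
}

// 9. A non-configurable accessor can be defined directly.
function nonConfigurableAccessorCanBeDefined() {
  const o = {};
  Object.defineProperty(o, 'u', { get: () => 3, configurable: false });
  const d = Object.getOwnPropertyDescriptor(o, 'u');
  return o.u === 3 && d.configurable === false && typeof d.get === 'function';
}

// Runs every probe and reports which behaviours the engine gets right.
function runDefinePropertyChecks() {
  return {
    accessorKeepsGetSet: accessorKeepsGetSet(),
    undefinedSetterThrowsOnlyInStrictMode: undefinedSetterThrowsOnlyInStrictMode(),
    accessorToDataDefaultsNonWritable: accessorToDataDefaultsNonWritable(),
    arrayNonConfigurableStaysNonConfigurable: arrayNonConfigurableStaysNonConfigurable(),
    definePropertiesCoercesPropertiesArgument: definePropertiesCoercesPropertiesArgument(),
    nonExtensibleArrayRejectsOutOfBoundsStore: nonExtensibleArrayRejectsOutOfBoundsStore(),
    frozenCheckIgnoresAccessorWritability: frozenCheckIgnoresAccessorWritability(),
    identicalRedefinitionOfFrozenPropertySucceeds: identicalRedefinitionOfFrozenPropertySucceeds(),
    nonConfigurableAccessorCanBeDefined: nonConfigurableAccessorCanBeDefined(),
  };
}

console.log(runDefinePropertyChecks());
```
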
2012-02-13  Filip Pizlo  <fpizlo@apple.com>

        DFG should not check the types of arguments that are dead
        https://bugs.webkit.org/show_bug.cgi?id=78518

        Reviewed by Geoff Garen.

        The argument checks are now elided if the corresponding SetArgument is dead,
        and the abstract value of the argument is set to bottom (None, []). This is
        performance neutral on the benchmarks we currently track.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::initialize):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):

2012-02-15  Oliver Hunt  <oliver@apple.com>

        Ensure that the DFG JIT always plants a CodeOrigin when making calls
        https://bugs.webkit.org/show_bug.cgi?id=78763

        Reviewed by Gavin Barraclough.

        Make all calls plant a CodeOrigin prior to the actual
        call. Also clobbers the Interpreter with logic to ensure
        that the interpreter always plants a bytecode offset.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (CallBeginToken):
        (JSC::DFG::JITCompiler::beginJSCall):
        (JSC::DFG::JITCompiler::beginCall):
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryBuildGetByIDList):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * interpreter/AbstractPC.cpp:
        (JSC::AbstractPC::AbstractPC):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallFrame):
        * interpreter/CallFrame.h:
        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
        (ExecState):
        (JSC::ExecState::setBytecodeOffsetForNonDFGCode):
        (JSC::ExecState::codeOriginIndexForDFG):

2012-02-14  Oliver Hunt  <oliver@apple.com>

        Fix Interpreter.

        * runtime/Executable.cpp:
        (JSC):
        * runtime/Executable.h:
        (ExecutableBase):

2012-02-14  Matt Lilek  <mrl@apple.com>

        Don't ENABLE_DASHBOARD_SUPPORT unconditionally on all Mac platforms
        https://bugs.webkit.org/show_bug.cgi?id=78629

        Reviewed by David Kilzer.

        * Configurations/FeatureDefines.xcconfig:

2012-02-14  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, build fix for non-DFG platforms.

        * assembler/MacroAssembler.h:
        (MacroAssembler):

2012-02-14  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix build and configuration goof.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::invert):
        * dfg/DFGCommon.h:

2012-02-13  Filip Pizlo  <fpizlo@apple.com>

        DFG should be able to emit code on control flow edges
        https://bugs.webkit.org/show_bug.cgi?id=78515

        Reviewed by Gavin Barraclough.

        This gets us a few steps closer to being able to perform global register allocation,
        by allowing us to have landing pads on control flow edges. This will let us reshuffle
        registers if it happens to be necessary due to different reg alloc decisions in
        different blocks.

        This also introduces the notion of a landing pad for OSR entry, which will allow us
        to emit code that places data into registers when we're entering into the DFG from
        the old JIT.

        Finally, this patch introduces a verification mode that checks that the landing pads
        are actually emitted and do actually work as advertised. When verification is disabled,
        this has no effect on behavior.

        * assembler/MacroAssembler.h:
        (MacroAssembler):
        (JSC::MacroAssembler::invert):
        (JSC::MacroAssembler::isInvertible):
        * dfg/DFGCommon.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::createOSREntries):
        (DFG):
        (JSC::DFG::SpeculativeJIT::linkOSREntries):
        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::branchDouble):
        (JSC::DFG::SpeculativeJIT::branchDoubleNonZero):
        (JSC::DFG::SpeculativeJIT::branch32):
        (JSC::DFG::SpeculativeJIT::branchTest32):
        (JSC::DFG::SpeculativeJIT::branchPtr):
        (JSC::DFG::SpeculativeJIT::branchTestPtr):
        (JSC::DFG::SpeculativeJIT::branchTest8):
        (JSC::DFG::SpeculativeJIT::jump):
        (JSC::DFG::SpeculativeJIT::haveEdgeCodeToEmit):
        (JSC::DFG::SpeculativeJIT::emitEdgeCode):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2012-02-14  Filip Pizlo  <fpizlo@apple.com>

        Assertion failure under JSC::DFG::AbstractState::execute loading economist.com
        https://bugs.webkit.org/show_bug.cgi?id=78153
        <rdar://problem/10861712> <rdar://problem/10861947>

        Reviewed by Oliver Hunt.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileAdd):

2012-02-14  Eric Seidel  <eric@webkit.org>

        Upstream Android's additions to Platform.h
        https://bugs.webkit.org/show_bug.cgi?id=78536

        Reviewed by Adam Barth.

        * wtf/Platform.h:

2012-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>
793
794         Replace old strtod with new strtod
795         https://bugs.webkit.org/show_bug.cgi?id=68044
796
797         Reviewed by Geoffrey Garen.
798
799         * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
800         (JSC::::lex):
801         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
802         (JSC::parseInt):
803         (JSC::jsStrDecimalLiteral):
804         * runtime/LiteralParser.cpp: Ditto.
805         (JSC::::Lexer::lexNumber):
806         * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
807         It takes a template argument to allow clients to determine statically whether it should allow 
808         junk after the numbers or not.
809         (WTF):
810         (WTF::strtod):
811         * wtf/dtoa.h:
812         (WTF):
813         * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
814         (WTF::toDoubleType):
815
816 2012-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>
817
818         More windows build fixing
819
820         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
821
822 2012-02-13  Oliver Hunt  <oliver@apple.com>
823
824         Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match
825         https://bugs.webkit.org/show_bug.cgi?id=76315
826
827         Reviewed by Gavin Barraclough.
828
829         Perform a 3 byte compare using two comparisons, rather than trying to perform the
830         operation with a four byte load.
831
832         * yarr/YarrJIT.cpp:
833         (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
834
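        The over-read that this fix closes, as an added illustration in C (not YarrJIT's own code): matching a three-character literal through one four-byte load reads past the end of an 8-bit subject whenever the match is attempted at the last possible position, while the two-comparison form (a 16-bit compare followed by an 8-bit compare) stays inside the range the length check already guaranteed. The `subject` struct, the counting load helper and the sample input are constructed for this example; a load that would cross the end is reported rather than performed, so the failure mode is observable without undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a subject string: 8-bit characters plus a counter
 * of loads that would have touched bytes past `length`. */
struct subject {
    const uint8_t *chars;
    size_t length;
    size_t oob_reads;
};

/* Simulated unaligned little-endian load of `width` bytes at `pos`. A load
 * that crosses the end is counted, and the missing bytes are modelled as 0. */
static uint32_t load_bytes(struct subject *s, size_t pos, size_t width)
{
    if (pos + width > s->length)
        s->oob_reads++;
    uint32_t value = 0;
    for (size_t i = 0; i < width; i++) {
        uint8_t byte = (pos + i < s->length) ? s->chars[pos + i] : 0;
        value |= (uint32_t)byte << (8 * i);
    }
    return value;
}

/* Flawed variant (the behaviour the bug report describes): compare three
 * pattern bytes by loading four and masking the top byte. The mask keeps
 * the comparison correct, but the load itself has already read one byte
 * past the end when the attempt starts at length - 3. */
static bool match3_four_byte_load(struct subject *s, size_t pos, const uint8_t pat[3])
{
    if (pos + 3 > s->length)
        return false;   /* fewer than three characters remain */
    uint32_t want = (uint32_t)pat[0] | ((uint32_t)pat[1] << 8) | ((uint32_t)pat[2] << 16);
    return (load_bytes(s, pos, 4) & 0x00FFFFFFu) == want;
}

/* Fixed variant (what the change does): a 16-bit compare followed by an
 * 8-bit compare, so no load extends beyond the three checked characters. */
static bool match3_two_compares(struct subject *s, size_t pos, const uint8_t pat[3])
{
    if (pos + 3 > s->length)
        return false;
    uint32_t want16 = (uint32_t)pat[0] | ((uint32_t)pat[1] << 8);
    if (load_bytes(s, pos, 2) != want16)
        return false;
    return load_bytes(s, pos + 2, 1) == pat[2];
}

typedef bool (*matcher_fn)(struct subject *, size_t, const uint8_t[3]);

/* Scan the subject for `pat`; returns the match position or -1 and leaves
 * the number of over-reading loads in s->oob_reads. */
static long find3(struct subject *s, const uint8_t pat[3], matcher_fn match)
{
    s->oob_reads = 0;
    for (size_t pos = 0; pos + 3 <= s->length; pos++) {
        if (match(s, pos, pat))
            return (long)pos;
    }
    return -1;
}

/* Constructed sample: the pattern sits at the very end of the subject, the
 * exact case in which a four-byte load over-reads. */
static const uint8_t sample_subject[] = "user=abc";   /* 8 characters */
static const uint8_t sample_pattern[3] = { 'a', 'b', 'c' };

/* Number of over-reading loads the given matcher performs on the sample. */
static size_t sample_oob_reads(matcher_fn match)
{
    struct subject s = { sample_subject, sizeof(sample_subject) - 1, 0 };
    find3(&s, sample_pattern, match);
    return s.oob_reads;
}

/* Position at which the given matcher finds the pattern in the sample. */
static long sample_match_position(matcher_fn match)
{
    struct subject s = { sample_subject, sizeof(sample_subject) - 1, 0 };
    return find3(&s, sample_pattern, match);
}

int main(void)
{
    printf("four-byte load: match at %ld, over-reads %zu\n",
           sample_match_position(match3_four_byte_load),
           sample_oob_reads(match3_four_byte_load));
    printf("two compares:   match at %ld, over-reads %zu\n",
           sample_match_position(match3_two_compares),
           sample_oob_reads(match3_two_compares));
    return 0;
}
```

        Both variants report the same match position; only the over-read count differs, which is why the bug was a memory-safety issue rather than a correctness one.
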
835 2012-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>
836
837         Windows build fix
838
839         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
840
841 2012-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>
842
843         Replace old strtod with new strtod
844         https://bugs.webkit.org/show_bug.cgi?id=68044
845
846         Reviewed by Geoffrey Garen.
847
848         * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
849         (JSC::::lex):
850         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
851         (JSC::parseInt):
852         (JSC::jsStrDecimalLiteral):
853         * runtime/LiteralParser.cpp: Ditto.
854         (JSC::::Lexer::lexNumber):
855         * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
856         It takes a template argument to allow clients to determine statically whether it should allow 
857         junk after the numbers or not.
858         (WTF):
859         (WTF::strtod):
860         * wtf/dtoa.h:
861         (WTF):
862         * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
863         (WTF::toDoubleType):
864
865 2012-02-13  Sam Weinig  <sam@webkit.org>
866
867         Move JSC related assertions out of Assertions.h and into their own header
868         https://bugs.webkit.org/show_bug.cgi?id=78508
869
870         Reviewed by Gavin Barraclough.
871
872         * GNUmakefile.list.am:
873         * JavaScriptCore.gypi:
874         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
875         * JavaScriptCore.xcodeproj/project.pbxproj:
876         Add GCAssertions.h
877
878         * heap/GCAssertions.h: Added.
879         Move assertions here.
880
881         * runtime/WriteBarrier.h:
882         Add #include of GCAssertions.h
883
884         * wtf/Assertions.h:
885         Remove JSC related assertions.
886
887         * wtf/Compiler.h:
888         Add compiler check for __has_trivial_destructor.
889
890 2012-02-13  Chao-ying Fu  <fu@mips.com>
891
892         Update MIPS patchOffsetGetByIdSlowCaseCall
893         https://bugs.webkit.org/show_bug.cgi?id=78392
894
895         Reviewed by Gavin Barraclough.
896
897         * jit/JIT.h:
898         (JIT):
899
900 2012-02-13  Patrick Gansterer  <paroga@webkit.org>
901
902         Remove obsolete #if from ThreadSpecific.h
903         https://bugs.webkit.org/show_bug.cgi?id=78485
904
905         Reviewed by Adam Roben.
906
907         Since all platforms use either pthread or Win32 for threading,
908         we can remove all PLATFORM() preprocessor statements.
909
910         * wtf/ThreadSpecific.h:
911         (ThreadSpecific):
912
913 2012-02-13  Jessie Berlin  <jberlin@apple.com>
914
915         Fix the Windows build.
916
917         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
918
919 2012-02-13  Sam Weinig  <sam@webkit.org>
920
921         Use C11's _Static_assert for COMPILE_ASSERT if it is available
922         https://bugs.webkit.org/show_bug.cgi?id=78506
923
924         Rubber-stamped by Antti Koivisto.
925
926         Use C11's _Static_assert for COMPILE_ASSERT if it is available to give slightly
927         better error messages.
928
929         * wtf/Assertions.h:
930         Use _Static_assert if it is available.
931
932         * wtf/Compiler.h:
933         Add COMPILER_SUPPORTS support for _Static_assert when using the LLVM Compiler.
934
935 2012-02-13  Mario Sanchez Prada  <msanchez@igalia.com>
936
937         [GTK] Add GSList to the list of GObject types in GOwnPtr
938         https://bugs.webkit.org/show_bug.cgi?id=78487
939
940         Reviewed by Philippe Normand.
941
942         Handle the GSList type in GOwnPtr, by calling g_slist_free in the
943         implementation of the freeOwnedGPtr template function.
944
945         * wtf/gobject/GOwnPtr.cpp:
946         (WTF::GSList):
947         (WTF):
948         * wtf/gobject/GOwnPtr.h:
949         (WTF):
950         * wtf/gobject/GTypedefs.h:
951
952 2012-02-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
953
954         [EFL] Drop support for the Curl network backend.
955         https://bugs.webkit.org/show_bug.cgi?id=77874
956
957         Reviewed by Eric Seidel.
958
959         Nobody seems to be maintaining the Curl backend in WebCore, the
960         EFL port developers all seem to be using the Soup backend and the
961         port itself has many features which are only implemented for the
962         latter.
963
964         * wtf/PlatformEfl.cmake: Always build the gobject-dependent source
965         files.
966
967 2012-02-13  Patrick Gansterer  <paroga@webkit.org>
968
969         Unreviewed. Build fix for !ENABLE(JIT) after r107485.
970
971         * bytecode/PolymorphicPutByIdList.cpp:
972
973 2012-02-13  Gavin Barraclough  <barraclough@apple.com>
974
975         https://bugs.webkit.org/show_bug.cgi?id=78434
976         Unreviewed - temporarily reverting r107498 while I fix a couple of testcases.
977
978         * parser/Parser.cpp:
979         (JSC::::parseFunctionInfo):
980         * runtime/ClassInfo.h:
981         (MethodTable):
982         (JSC):
983         * runtime/JSCell.cpp:
984         (JSC):
985         * runtime/JSCell.h:
986         (JSCell):
987         * runtime/JSGlobalObject.cpp:
988         (JSC::JSGlobalObject::reset):
989         * runtime/JSGlobalObjectFunctions.cpp:
990         (JSC):
991         * runtime/JSGlobalObjectFunctions.h:
992         (JSC):
993         * runtime/JSObject.cpp:
994         (JSC::JSObject::put):
995         (JSC):
996         (JSC::JSObject::putDirectAccessor):
997         (JSC::JSObject::defineOwnProperty):
998         * runtime/JSObject.h:
999         (JSC::JSObject::inlineGetOwnPropertySlot):
1000         (JSC::JSValue::get):
1001         * runtime/JSString.cpp:
1002         (JSC::JSString::getOwnPropertySlot):
1003         * runtime/JSValue.h:
1004         (JSValue):
1005         * runtime/ObjectConstructor.cpp:
1006         (JSC::objectConstructorGetPrototypeOf):
1007         * runtime/Structure.cpp:
1008         (JSC::Structure::Structure):
1009         * runtime/Structure.h:
1010         (JSC::Structure::setHasGetterSetterProperties):
1011         (Structure):
1012
1013 2012-02-12  Ashod Nakashian  <ashodnakashian@yahoo.com>
1014
1015         KeywordLookupGenerator.py script fails in some cases
1016         https://bugs.webkit.org/show_bug.cgi?id=77886
1017
1018         Reviewed by Benjamin Poulain.
1019
1020         * parser/Keywords.table: Converted to LF-only.
1021
1022 2012-02-12  Shinya Kawanaka  <shinyak@google.com>
1023
1024         Introduce ShadowRootList.
1025         https://bugs.webkit.org/show_bug.cgi?id=78069
1026
1027         Reviewed by Hajime Morita.
1028
1029         DoublyLinkedList should have a tail() method to take the last element.
1030
1031         * wtf/DoublyLinkedList.h:
1032         (DoublyLinkedList):
1033         (WTF::::tail):
1034         (WTF):
1035
1036 2012-02-12  Raphael Kubo da Costa  <kubo@profusion.mobi>
1037
1038         [CMake] Move source files in WTF_HEADERS to WTF_SOURCES.
1039         https://bugs.webkit.org/show_bug.cgi?id=78436
1040
1041         Reviewed by Daniel Bates.
1042
1043         * wtf/CMakeLists.txt: Move .cpp files from WTF_HEADERS to WTF_SOURCES,
1044         and correctly sort the files which start with 'M'.
1045
1046 2012-02-12  Sam Weinig  <sam@webkit.org>
1047
1048         Move the NumberOfCores.h/cpp files into the WTF group of JavaScriptCore.xcodeproj.
1049
1050         Rubber-stamped by Anders Carlsson.
1051
1052         * JavaScriptCore.xcodeproj/project.pbxproj:
1053
1054 2012-02-12  Raphael Kubo da Costa  <kubo@profusion.mobi>
1055
1056         [CMake] Remove unused or empty variable definitions.
1057         https://bugs.webkit.org/show_bug.cgi?id=78437
1058
1059         Reviewed by Daniel Bates.
1060
1061         * CMakeLists.txt: Remove unused JavaScriptCore_HEADERS definition.
1062         * shell/CMakeLists.txt: Remove unused JSC_HEADERS definition.
1063         * wtf/CMakeLists.txt: Remove empty WTF_LIBRARIES definition, it will
1064         be defined later by Platform*.cmake via LIST(APPEND WTF_LIBRARIES).
1065
1066 2012-02-12  Filip Pizlo  <fpizlo@apple.com>
1067
1068         DFG::SpeculativeJIT calls fprintf() instead of dataLog in terminateSpeculativeExecution()
1069         https://bugs.webkit.org/show_bug.cgi?id=78431
1070
1071         Reviewed by Gavin Barraclough.
1072
1073         * dfg/DFGSpeculativeJIT.h:
1074         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1075
1076 2012-02-11  Benjamin Poulain  <benjamin@webkit.org>
1077
1078         Add back WTFURL to WebKit
1079         https://bugs.webkit.org/show_bug.cgi?id=77291
1080
1081         Reviewed by Adam Barth.
1082
1083         WTFURL was removed from WebKit in r86787.
1084
1085         This patch adds the code back to WTF with the following changes:
1086         -Guard the feature with USE(WTFURL).
1087         -Change the typename CHAR to CharacterType to follow recent WebKit conventions.
1088         -Fix some coding style to make check-webkit-style happy.
1089
1090         * JavaScriptCore.xcodeproj/project.pbxproj:
1091         * wtf/Platform.h:
1092         * wtf/url/api/ParsedURL.cpp: Added.
1093         (WTF):
1094         (WTF::ParsedURL::ParsedURL):
1095         (WTF::ParsedURL::scheme):
1096         (WTF::ParsedURL::username):
1097         (WTF::ParsedURL::password):
1098         (WTF::ParsedURL::host):
1099         (WTF::ParsedURL::port):
1100         (WTF::ParsedURL::path):
1101         (WTF::ParsedURL::query):
1102         (WTF::ParsedURL::fragment):
1103         (WTF::ParsedURL::segment):
1104         * wtf/url/api/ParsedURL.h: Added.
1105         (WTF):
1106         (ParsedURL):
1107         (WTF::ParsedURL::spec):
1108         * wtf/url/api/URLString.h: Added.
1109         (WTF):
1110         (URLString):
1111         (WTF::URLString::URLString):
1112         (WTF::URLString::string):
1113         * wtf/url/src/RawURLBuffer.h: Added.
1114         (WTF):
1115         (RawURLBuffer):
1116         (WTF::RawURLBuffer::RawURLBuffer):
1117         (WTF::RawURLBuffer::~RawURLBuffer):
1118         (WTF::RawURLBuffer::resize):
1119         * wtf/url/src/URLBuffer.h: Added.
1120         (WTF):
1121         (URLBuffer):
1122         (WTF::URLBuffer::URLBuffer):
1123         (WTF::URLBuffer::~URLBuffer):
1124         (WTF::URLBuffer::at):
1125         (WTF::URLBuffer::set):
1126         (WTF::URLBuffer::capacity):
1127         (WTF::URLBuffer::length):
1128         (WTF::URLBuffer::data):
1129         (WTF::URLBuffer::setLength):
1130         (WTF::URLBuffer::append):
1131         (WTF::URLBuffer::grow):
1132         * wtf/url/src/URLCharacterTypes.cpp: Added.
1133         (WTF):
1134         ():
1135         * wtf/url/src/URLCharacterTypes.h: Added.
1136         (WTF):
1137         (URLCharacterTypes):
1138         (WTF::URLCharacterTypes::isQueryChar):
1139         (WTF::URLCharacterTypes::isIPv4Char):
1140         (WTF::URLCharacterTypes::isHexChar):
1141         ():
1142         (WTF::URLCharacterTypes::isCharOfType):
1143         * wtf/url/src/URLComponent.h: Added.
1144         (WTF):
1145         (URLComponent):
1146         (WTF::URLComponent::URLComponent):
1147         (WTF::URLComponent::fromRange):
1148         (WTF::URLComponent::isValid):
1149         (WTF::URLComponent::isNonEmpty):
1150         (WTF::URLComponent::isEmptyOrInvalid):
1151         (WTF::URLComponent::reset):
1152         (WTF::URLComponent::operator==):
1153         (WTF::URLComponent::begin):
1154         (WTF::URLComponent::setBegin):
1155         (WTF::URLComponent::length):
1156         (WTF::URLComponent::setLength):
1157         (WTF::URLComponent::end):
1158         * wtf/url/src/URLEscape.cpp: Added.
1159         (WTF):
1160         ():
1161         * wtf/url/src/URLEscape.h: Added.
1162         (WTF):
1163         (WTF::appendURLEscapedCharacter):
1164         * wtf/url/src/URLParser.h: Added.
1165         (WTF):
1166         (URLParser):
1167         ():
1168         (WTF::URLParser::isPossibleAuthorityTerminator):
1169         (WTF::URLParser::parseAuthority):
1170         (WTF::URLParser::extractScheme):
1171         (WTF::URLParser::parseAfterScheme):
1172         (WTF::URLParser::parseStandardURL):
1173         (WTF::URLParser::parsePath):
1174         (WTF::URLParser::parsePathURL):
1175         (WTF::URLParser::parseMailtoURL):
1176         (WTF::URLParser::parsePort):
1177         (WTF::URLParser::extractFileName):
1178         (WTF::URLParser::extractQueryKeyValue):
1179         (WTF::URLParser::isURLSlash):
1180         (WTF::URLParser::shouldTrimFromURL):
1181         (WTF::URLParser::trimURL):
1182         (WTF::URLParser::consecutiveSlashes):
1183         (WTF::URLParser::isPortDigit):
1184         (WTF::URLParser::nextAuthorityTerminator):
1185         (WTF::URLParser::parseUserInfo):
1186         (WTF::URLParser::parseServerInfo):
1187         * wtf/url/src/URLQueryCanonicalizer.h: Added.
1188         (WTF):
1189         (URLQueryCanonicalizer):
1190         (WTF::URLQueryCanonicalizer::canonicalize):
1191         (WTF::URLQueryCanonicalizer::isAllASCII):
1192         (WTF::URLQueryCanonicalizer::isRaw8Bit):
1193         (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString):
1194         (WTF::URLQueryCanonicalizer::convertToQueryEncoding):
1195         * wtf/url/src/URLSegments.cpp: Added.
1196         (WTF):
1197         (WTF::URLSegments::length):
1198         (WTF::URLSegments::charactersBefore):
1199         * wtf/url/src/URLSegments.h: Added.
1200         (WTF):
1201         (URLSegments):
1202         ():
1203         (WTF::URLSegments::URLSegments):
1204
1205 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
1206
1207         Old JIT put_by_id profiling counts every put_by_id_transition as taking slow path
1208         https://bugs.webkit.org/show_bug.cgi?id=78430
1209         <rdar://problem/10849469> <rdar://problem/10849684>
1210
1211         Reviewed by Gavin Barraclough.
1212         
1213         The old JIT's put_by_id transition caching involves repatching the slow call to
1214         a generated stub. That means that the call is counted as "slow case". So, this
1215         patch inserts code to decrement the slow case count if the stub succeeds.
1216         
1217         Looks like a ~1% speed-up on V8.
1218
1219         * jit/JITPropertyAccess.cpp:
1220         (JSC::JIT::privateCompilePutByIdTransition):
1221         * jit/JITPropertyAccess32_64.cpp:
1222         (JSC::JIT::privateCompilePutByIdTransition):
1223
1224 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
1225
1226         Build fix for Qt.
1227
1228         * wtf/DataLog.h:
1229
1230 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
1231
1232         It should be possible to send all JSC debug logging to a file
1233         https://bugs.webkit.org/show_bug.cgi?id=78418
1234
1235         Reviewed by Sam Weinig.
1236         
1237         Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog,
1238         and WTF::dataLogV. Changed all debugging- and profiling-related printfs
1239         to use WTF::dataLog() or one of its friends. By default, debug logging
1240         goes to stderr, unless you change the setting in wtf/DataLog.cpp.
1241
1242         * GNUmakefile.list.am:
1243         * JavaScriptCore.gypi:
1244         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1245         * JavaScriptCore.xcodeproj/project.pbxproj:
1246         * assembler/LinkBuffer.h:
1247         (JSC::LinkBuffer::dumpLinkStatistics):
1248         (JSC::LinkBuffer::dumpCode):
1249         * assembler/SH4Assembler.h:
1250         (JSC::SH4Assembler::vprintfStdoutInstr):
1251         * bytecode/CodeBlock.cpp:
1252         (JSC::CodeBlock::printUnaryOp):
1253         (JSC::CodeBlock::printBinaryOp):
1254         (JSC::CodeBlock::printConditionalJump):
1255         (JSC::CodeBlock::printGetByIdOp):
1256         (JSC::CodeBlock::printCallOp):
1257         (JSC::CodeBlock::printPutByIdOp):
1258         (JSC::printGlobalResolveInfo):
1259         (JSC::printStructureStubInfo):
1260         (JSC::CodeBlock::printStructure):
1261         (JSC::CodeBlock::printStructures):
1262         (JSC::CodeBlock::dump):
1263         (JSC::CodeBlock::dumpStatistics):
1264         (JSC::CodeBlock::finalizeUnconditionally):
1265         (JSC::CodeBlock::shouldOptimizeNow):
1266         (JSC::CodeBlock::tallyFrequentExitSites):
1267         (JSC::CodeBlock::dumpValueProfiles):
1268         * bytecode/Opcode.cpp:
1269         (JSC::OpcodeStats::~OpcodeStats):
1270         * bytecode/SamplingTool.cpp:
1271         (JSC::SamplingFlags::stop):
1272         (JSC::SamplingRegion::dumpInternal):
1273         (JSC::SamplingTool::dump):
1274         * dfg/DFGAbstractState.cpp:
1275         (JSC::DFG::AbstractState::endBasicBlock):
1276         (JSC::DFG::AbstractState::mergeStateAtTail):
1277         * dfg/DFGByteCodeParser.cpp:
1278         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1279         (JSC::DFG::ByteCodeParser::makeSafe):
1280         (JSC::DFG::ByteCodeParser::makeDivSafe):
1281         (JSC::DFG::ByteCodeParser::handleCall):
1282         (JSC::DFG::ByteCodeParser::handleInlining):
1283         (JSC::DFG::ByteCodeParser::parseBlock):
1284         (JSC::DFG::ByteCodeParser::processPhiStack):
1285         (JSC::DFG::ByteCodeParser::linkBlock):
1286         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1287         (JSC::DFG::ByteCodeParser::parse):
1288         * dfg/DFGCommon.h:
1289         * dfg/DFGDriver.cpp:
1290         (JSC::DFG::compile):
1291         * dfg/DFGGraph.cpp:
1292         (JSC::DFG::printWhiteSpace):
1293         (JSC::DFG::Graph::dumpCodeOrigin):
1294         (JSC::DFG::Graph::dump):
1295         (JSC::DFG::Graph::predictArgumentTypes):
1296         * dfg/DFGJITCompiler.cpp:
1297         (JSC::DFG::JITCompiler::link):
1298         * dfg/DFGOSREntry.cpp:
1299         (JSC::DFG::prepareOSREntry):
1300         * dfg/DFGOSRExitCompiler.cpp:
1301         * dfg/DFGOSRExitCompiler32_64.cpp:
1302         (JSC::DFG::OSRExitCompiler::compileExit):
1303         * dfg/DFGOSRExitCompiler64.cpp:
1304         (JSC::DFG::OSRExitCompiler::compileExit):
1305         * dfg/DFGOperations.cpp:
1306         * dfg/DFGPropagator.cpp:
1307         (JSC::DFG::Propagator::fixpoint):
1308         (JSC::DFG::Propagator::propagateArithNodeFlags):
1309         (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
1310         (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
1311         (JSC::DFG::Propagator::propagateNodePredictions):
1312         (JSC::DFG::Propagator::propagatePredictionsForward):
1313         (JSC::DFG::Propagator::propagatePredictionsBackward):
1314         (JSC::DFG::Propagator::doRoundOfDoubleVoting):
1315         (JSC::DFG::Propagator::fixupNode):
1316         (JSC::DFG::Propagator::fixup):
1317         (JSC::DFG::Propagator::startIndexForChildren):
1318         (JSC::DFG::Propagator::endIndexForPureCSE):
1319         (JSC::DFG::Propagator::setReplacement):
1320         (JSC::DFG::Propagator::eliminate):
1321         (JSC::DFG::Propagator::performNodeCSE):
1322         (JSC::DFG::Propagator::localCSE):
1323         (JSC::DFG::Propagator::allocateVirtualRegisters):
1324         (JSC::DFG::Propagator::performBlockCFA):
1325         (JSC::DFG::Propagator::performForwardCFA):
1326         * dfg/DFGRegisterBank.h:
1327         (JSC::DFG::RegisterBank::dump):
1328         * dfg/DFGScoreBoard.h:
1329         (JSC::DFG::ScoreBoard::dump):
1330         * dfg/DFGSpeculativeJIT.cpp:
1331         (JSC::DFG::SpeculativeJIT::dump):
1332         (JSC::DFG::SpeculativeJIT::checkConsistency):
1333         (JSC::DFG::SpeculativeJIT::compile):
1334         * dfg/DFGSpeculativeJIT32_64.cpp:
1335         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1336         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1337         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1338         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1339         * dfg/DFGSpeculativeJIT64.cpp:
1340         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1341         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1342         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1343         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1344         * heap/Heap.cpp:
1345         (JSC::Heap::destroy):
1346         * heap/MarkedBlock.h:
1347         * interpreter/CallFrame.cpp:
1348         (JSC::CallFrame::dumpCaller):
1349         * interpreter/Interpreter.cpp:
1350         (JSC::Interpreter::dumpRegisters):
1351         * jit/JIT.cpp:
1352         (JSC::JIT::privateCompileMainPass):
1353         (JSC::JIT::privateCompileSlowCases):
1354         (JSC::JIT::privateCompile):
1355         * jit/JITStubs.cpp:
1356         (JSC::DEFINE_STUB_FUNCTION):
1357         * profiler/Profile.cpp:
1358         (JSC::Profile::debugPrintData):
1359         (JSC::Profile::debugPrintDataSampleStyle):
1360         * profiler/ProfileNode.cpp:
1361         (JSC::ProfileNode::debugPrintData):
1362         (JSC::ProfileNode::debugPrintDataSampleStyle):
1363         * runtime/JSGlobalData.cpp:
1364         (JSC::JSGlobalData::dumpRegExpTrace):
1365         * runtime/RegExp.cpp:
1366         (JSC::RegExp::matchCompareWithInterpreter):
1367         * runtime/SamplingCounter.cpp:
1368         (JSC::AbstractSamplingCounter::dump):
1369         * runtime/SamplingCounter.h:
1370         (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
1371         * runtime/ScopeChain.cpp:
1372         (JSC::ScopeChainNode::print):
1373         * runtime/Structure.cpp:
1374         (JSC::Structure::dumpStatistics):
1375         (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
1376         * tools/CodeProfile.cpp:
1377         (JSC::CodeProfile::report):
1378         * tools/ProfileTreeNode.h:
1379         (JSC::ProfileTreeNode::dumpInternal):
1380         * wtf/CMakeLists.txt:
1381         * wtf/DataLog.cpp: Added.
1382         (WTF):
1383         (WTF::initializeLogFileOnce):
1384         (WTF::initializeLogFile):
1385         (WTF::dataFile):
1386         (WTF::dataLogV):
1387         (WTF::dataLog):
1388         * wtf/DataLog.h: Added.
1389         (WTF):
1390         * wtf/HashTable.cpp:
1391         (WTF::HashTableStats::~HashTableStats):
1392         * wtf/MetaAllocator.cpp:
1393         (WTF::MetaAllocator::dumpProfile):
1394         * wtf/text/WTFString.cpp:
1395         (String::show):
1396         * yarr/YarrInterpreter.cpp:
1397         (JSC::Yarr::ByteCompiler::dumpDisjunction):
1398
1399 2012-02-11  Gavin Barraclough  <barraclough@apple.com>
1400
1401         Move special __proto__ property to Object.prototype
1402         https://bugs.webkit.org/show_bug.cgi?id=78409
1403
1404         Reviewed by Oliver Hunt.
1405
1406         Re-implement this as a regular accessor property.  This has three key benefits:
1407         1) It makes it possible for objects to be given properties named __proto__.
1408         2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
1409         3) This largely removes the magic used to implement __proto__; it can just be made a regular accessor property.
1410
1411         * parser/Parser.cpp:
1412         (JSC::::parseFunctionInfo):
1413             - No need to prohibit functions named __proto__.
1414         * runtime/JSGlobalObject.cpp:
1415         (JSC::JSGlobalObject::reset):
1416             - Add __proto__ accessor to Object.prototype.
1417         * runtime/JSGlobalObjectFunctions.cpp:
1418         (JSC::globalFuncProtoGetter):
1419         (JSC::globalFuncProtoSetter):
1420             - Definition of the __proto__ accessor functions.
1421         * runtime/JSGlobalObjectFunctions.h:
1422             - Declaration of the __proto__ accessor functions.
1423         * runtime/JSObject.cpp:
1424         (JSC::JSObject::put):
1425             - Remove the special handling for __proto__; there is still a check to allow for a fast guard for accessors excluding __proto__.
1426         (JSC::JSObject::putDirectAccessor):
1427             - Track on the structure whether an object contains accessors other than one for __proto__.
1428         (JSC::JSObject::defineOwnProperty):
1429             - No need to prohibit definition of own properties named __proto__.
1430         * runtime/JSObject.h:
1431         (JSC::JSObject::inlineGetOwnPropertySlot):
1432             - Remove the special handling for __proto__.
1433         (JSC::JSValue::get):
1434             - Remove the special handling for __proto__.
1435         * runtime/JSString.cpp:
1436         (JSC::JSString::getOwnPropertySlot):
1437             - Remove the special handling for __proto__.
1438         * runtime/JSValue.h:
1439         (JSValue):
1440             - Made synthesizePrototype public (this may be needed by the __proto__ getter).
1441         * runtime/ObjectConstructor.cpp:
1442         (JSC::objectConstructorGetPrototypeOf):
1443             - Perform the security check & call prototype() directly.
1444         * runtime/Structure.cpp:
1445         (JSC::Structure::Structure):
1446             - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
1447         * runtime/Structure.h:
1448         (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
1449         (JSC::Structure::setHasGetterSetterProperties):
1450         (Structure):
1451             - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
1452
1453 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
1454
1455         DFG CFA assumes that a WeakJSConstant's structure is known
1456         https://bugs.webkit.org/show_bug.cgi?id=78428
1457         <rdar://problem/10849492> <rdar://problem/10849621>
1458
1459         Reviewed by Gavin Barraclough.
1460
1461         * dfg/DFGAbstractState.cpp:
1462         (JSC::DFG::AbstractState::execute):
1463
1464 2012-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>
1465
1466         Qt debug build fix
1467
1468         * heap/MarkedBlock.cpp:
1469         (JSC::MarkedBlock::callDestructor): Platforms that don't use clang will allocate 
1470         JSFinalObjects in the destructor subspace, so we should remove this assert so it 
1471         doesn't cause crashes.
1472
1473 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
1474
1475         Old 32_64 JIT should assert that its use of map() is consistent with the DFG
1476         OSR exit's expectations
1477         https://bugs.webkit.org/show_bug.cgi?id=78419
1478         <rdar://problem/10817121>
1479
1480         Reviewed by Oliver Hunt.
1481
1482         * jit/JITInlineMethods.h:
1483         (JSC::JIT::map):
1484
1485 2012-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>
1486
1487         Reduce the reentrancy limit of the interpreter for the iOS simulator
1488         https://bugs.webkit.org/show_bug.cgi?id=78400
1489
1490         Reviewed by Gavin Barraclough.
1491
1492         * interpreter/Interpreter.h: Lowered the maximum reentrancy limit for large thread stacks.
1493         (JSC):
1494
1495 2012-02-11  Filip Pizlo  <fpizlo@apple.com>
1496
1497         [DFG] Misuse of WeakJSConstants in silentFillGPR code.
1498         https://bugs.webkit.org/show_bug.cgi?id=78423
1499         <rdar://problem/10849353> <rdar://problem/10804043>
1500
1501         Reviewed by Sam Weinig.
1502         
1503         The code was using Node::isConstant(), when it was supposed to use Node::hasConstant().
1504         This patch is a surgical fix; the bigger problem is: why do we have isConstant() and
1505         hasConstant() when hasConstant() is correct and isConstant() is almost always wrong?
1506
1507         * dfg/DFGSpeculativeJIT.h:
1508         (JSC::DFG::SpeculativeJIT::silentFillGPR):
1509
1510 2012-02-11  Sam Weinig  <sam@webkit.org>
1511
1512         Prepare JavaScriptCore to build with libc++
1513         <rdar://problem/10426673>
1514         https://bugs.webkit.org/show_bug.cgi?id=78424
1515
1516         Reviewed by Anders Carlsson.
1517
1518         * wtf/NullPtr.cpp:
1519         * wtf/NullPtr.h:
1520         libc++ provides std::nullptr emulation, so we don't have to.
1521
1522 2012-02-07  Filip Pizlo  <fpizlo@apple.com>
1523
1524         DFG should have polymorphic put_by_id caching
1525         https://bugs.webkit.org/show_bug.cgi?id=78062
1526         <rdar://problem/10326439> <rdar://problem/10824839>
1527
1528         Reviewed by Oliver Hunt.
1529         
1530         Implemented polymorphic put_by_id caching in the DFG, and added much of the
1531         machinery that would be needed to implement it in the old JIT as well.
1532         
1533         I decided against using the old PolymorphicAccessStructureList mechanism as
1534         this didn't quite fit with put_by_id. In particular, I wanted the ability to
1535         have one list that captured all relevant cases (including proto put_by_id
1536         if we ever decided to do it). And I wanted the code to have better
1537         encapsulation. And I didn't want to get confused by the fact that the
1538         original (non-list) put_by_id cache may itself consist of a stub routine.
1539         
1540         This code is still sub-optimal (for example adding a replace to a list whose
1541         previous elements are all transitions should just repatch the original code,
1542         but here it will generate a stub) but it already generates a >20% speed-up
1543         on V8-splay, leading to a 2% win overall in splay. Neutral elsewhere.
1544
1545         * CMakeLists.txt:
1546         * GNUmakefile.list.am:
1547         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1548         * JavaScriptCore.xcodeproj/project.pbxproj:
1549         * Target.pri:
1550         * bytecode/PolymorphicPutByIdList.cpp: Added.
1551         (JSC):
1552         (JSC::PutByIdAccess::fromStructureStubInfo):
1553         (JSC::PutByIdAccess::visitWeak):
1554         (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
1555         (JSC::PolymorphicPutByIdList::from):
1556         (JSC::PolymorphicPutByIdList::~PolymorphicPutByIdList):
1557         (JSC::PolymorphicPutByIdList::isFull):
1558         (JSC::PolymorphicPutByIdList::isAlmostFull):
1559         (JSC::PolymorphicPutByIdList::addAccess):
1560         (JSC::PolymorphicPutByIdList::visitWeak):
1561         * bytecode/PolymorphicPutByIdList.h: Added.
1562         (JSC):
1563         (PutByIdAccess):
1564         (JSC::PutByIdAccess::PutByIdAccess):
1565         (JSC::PutByIdAccess::transition):
1566         (JSC::PutByIdAccess::replace):
1567         (JSC::PutByIdAccess::isSet):
1568         (JSC::PutByIdAccess::operator!):
1569         (JSC::PutByIdAccess::type):
1570         (JSC::PutByIdAccess::isTransition):
1571         (JSC::PutByIdAccess::isReplace):
1572         (JSC::PutByIdAccess::oldStructure):
1573         (JSC::PutByIdAccess::structure):
1574         (JSC::PutByIdAccess::newStructure):
1575         (JSC::PutByIdAccess::chain):
1576         (JSC::PutByIdAccess::stubRoutine):
1577         (PolymorphicPutByIdList):
1578         (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
1579         (JSC::PolymorphicPutByIdList::isEmpty):
1580         (JSC::PolymorphicPutByIdList::size):
1581         (JSC::PolymorphicPutByIdList::at):
1582         (JSC::PolymorphicPutByIdList::operator[]):
1583         (JSC::PolymorphicPutByIdList::kind):
1584         * bytecode/PutKind.h: Added.
1585         (JSC):
1586         * bytecode/StructureStubInfo.cpp:
1587         (JSC::StructureStubInfo::deref):
1588         (JSC::StructureStubInfo::visitWeakReferences):
1589         * bytecode/StructureStubInfo.h:
1590         (JSC):
1591         (JSC::isPutByIdAccess):
1592         (JSC::StructureStubInfo::initPutByIdList):
1593         (StructureStubInfo):
1594         (JSC::StructureStubInfo::reset):
1595         * dfg/DFGOperations.cpp:
1596         * dfg/DFGOperations.h:
1597         (DFG):
1598         * dfg/DFGRepatch.cpp:
1599         (JSC::DFG::appropriateGenericPutByIdFunction):
1600         (JSC::DFG::appropriateListBuildingPutByIdFunction):
1601         (DFG):
1602         (JSC::DFG::emitPutReplaceStub):
1603         (JSC::DFG::emitPutTransitionStub):
1604         (JSC::DFG::tryCachePutByID):
1605         (JSC::DFG::dfgRepatchPutByID):
1606         (JSC::DFG::tryBuildPutByIdList):
1607         (JSC::DFG::dfgBuildPutByIdList):
1608         (JSC::DFG::dfgResetPutByID):
1609         * dfg/DFGRepatch.h:
1610         (DFG):
1611         * runtime/WriteBarrier.h:
1612         (WriteBarrierBase):
1613         (JSC::WriteBarrierBase::copyFrom):
1614
1615 2012-02-10  Vineet Chaudhary  <rgf748@motorola.com>
1616
1617         https://bugs.webkit.org/show_bug.cgi?id=72756
1618         DOMHTMLElement’s accessKey property is declared as available in a WebKit version that didn’t have it
1619
1620         Reviewed by Timothy Hatcher.
1621
1622         * API/WebKitAvailability.h: Added AVAILABLE_AFTER_WEBKIT_VERSION_5_1 and
1623           AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_AFTER_WEBKIT_VERSION_5_1 for the new versions.
1624
1625 2012-02-10  Mark Hahnenberg  <mhahnenberg@apple.com>
1626
1627         Fixing windows build
1628
1629         Unreviewed build fix
1630
1631         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1632
1633 2012-02-10  Adam Klein  <adamk@chromium.org>
1634
1635         Enable MUTATION_OBSERVERS by default on all platforms
1636         https://bugs.webkit.org/show_bug.cgi?id=78196
1637
1638         Reviewed by Ojan Vafai.
1639
1640         * Configurations/FeatureDefines.xcconfig:
1641
1642 2012-02-10  Yong Li  <yoli@rim.com>
1643
1644         ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable.
1645         https://bugs.webkit.org/show_bug.cgi?id=76724
1646
1647         Reviewed by Rob Buis.
1648
1649         This issue only exists when both ENABLE(ASSEMBLER_WX_EXCLUSIVE) and ENABLE(BRANCH_COMPACTION) are on.
1650         The size used to call makeExecutable can be smaller than the one that was used for makeWritable,
1651         so it can leave pages behind that are not set back to the default flags. When assembly code on one of those
1652         pages is executed, or the JIT returns to those pages in the case it was already executing from there, the
1653         software will crash.
1654
1655         * assembler/LinkBuffer.h: Add m_initialSize and use it in performFinalization().
1656         (JSC::LinkBuffer::LinkBuffer):
1657         (JSC::LinkBuffer::linkCode):
1658         (JSC::LinkBuffer::performFinalization):
1659         (LinkBuffer):
1660
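As an added illustration of the page-accounting problem this entry describes (not WebKit's LinkBuffer code), a small C++ model: a hypothetical PageTable stands in for the platform page-protection calls, and finalizing with the post-compaction size leaves pages writable, while finalizing with the remembered m_initialSize does not.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>

// Page permission states of the hypothetical tracker (constructed for this
// illustration; the real code calls the platform's page-protection API).
enum class PageState { Default, Writable, Executable };

struct PageTable {
    static constexpr uintptr_t kPageSize = 4096;
    std::map<uintptr_t, PageState> pages;

    // Apply a state to every page touched by [start, start + size).
    void set(uintptr_t start, size_t size, PageState state) {
        if (!size)
            return;
        uintptr_t first = start & ~(kPageSize - 1);
        uintptr_t last = (start + size - 1) & ~(kPageSize - 1);
        for (uintptr_t p = first; p <= last; p += kPageSize)
            pages[p] = state;
    }
    void makeWritable(uintptr_t start, size_t size) { set(start, size, PageState::Writable); }
    void makeExecutable(uintptr_t start, size_t size) { set(start, size, PageState::Executable); }

    size_t count(PageState state) const {
        size_t n = 0;
        for (const auto& kv : pages)
            if (kv.second == state)
                ++n;
        return n;
    }
};

// Model of LinkBuffer under WX-exclusive mode with branch compaction: the
// constructor makes the whole allocation writable, linkCode() shrinks m_size
// when branches are compacted, and finalization must re-protect the range
// that was actually made writable.
struct LinkBufferModel {
    PageTable& pt;
    uintptr_t code;
    size_t m_initialSize; // the fix from the entry above: remember the original size
    size_t m_size;

    LinkBufferModel(PageTable& table, uintptr_t codeStart, size_t size)
        : pt(table), code(codeStart), m_initialSize(size), m_size(size) {
        pt.makeWritable(code, m_initialSize);
    }
    void linkCode(size_t compactedSize) { m_size = compactedSize; }

    // Before the fix: only the compacted range is flipped back to executable.
    void performFinalizationBuggy() { pt.makeExecutable(code, m_size); }
    // After the fix: the whole range that was made writable is flipped back.
    void performFinalizationFixed() { pt.makeExecutable(code, m_initialSize); }
};

// Simulate a three-page allocation that branch compaction shrinks to under one
// page; returns how many pages are left writable (and not executable).
size_t writablePagesLeftAfterFinalization(bool useFix) {
    PageTable table;
    const uintptr_t codeStart = 0x10000; // constructed address
    LinkBufferModel buffer(table, codeStart, 3 * PageTable::kPageSize);
    buffer.linkCode(4000); // compaction: the code now fits in one page
    if (useFix)
        buffer.performFinalizationFixed();
    else
        buffer.performFinalizationBuggy();
    return table.count(PageState::Writable);
}
```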
1661 2012-02-10  Mark Hahnenberg  <mhahnenberg@apple.com>
1662
1663         Split MarkedSpace into destructor and destructor-free subspaces
1664         https://bugs.webkit.org/show_bug.cgi?id=77761
1665
1666         Reviewed by Geoffrey Garen.
1667
1668         * dfg/DFGSpeculativeJIT.h:
1669         (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space.
1670         * heap/Heap.h:
1671         (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to 
1672         pick which subspace they want to allocate out of.
1673         (JSC::Heap::allocatorForObjectWithDestructor): Ditto.
1674         (Heap):
1675         (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use.
1676         (JSC):
1677         (JSC::Heap::allocateWithoutDestructor): Ditto.
1678         * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate 
1679         their MarkedBlocks correctly.
1680         (JSC::MarkedAllocator::allocateBlock):
1681         * heap/MarkedAllocator.h:
1682         (JSC::MarkedAllocator::cellsNeedDestruction):
1683         (MarkedAllocator):
1684         (JSC::MarkedAllocator::MarkedAllocator):
1685         (JSC):
1686         (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with
1687         an init function that does all of that stuff in fewer lines.
1688         * heap/MarkedBlock.cpp:
1689         (JSC::MarkedBlock::create):
1690         (JSC::MarkedBlock::recycle):
1691         (JSC::MarkedBlock::MarkedBlock):
1692         (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make 
1693         checking the m_cellsNeedDestructor flag faster and cleaner looking.
1694         (JSC):
1695         (JSC::MarkedBlock::specializedSweep):
1696         (JSC::MarkedBlock::sweep):
1697         (JSC::MarkedBlock::sweepHelper):
1698         * heap/MarkedBlock.h:
1699         (MarkedBlock):
1700         (JSC::MarkedBlock::cellsNeedDestruction):
1701         (JSC):
1702         * heap/MarkedSpace.cpp:
1703         (JSC::MarkedSpace::MarkedSpace):
1704         (JSC::MarkedSpace::resetAllocators):
1705         (JSC::MarkedSpace::canonicalizeCellLivenessData):
1706         (JSC::TakeIfUnmarked::operator()):
1707         * heap/MarkedSpace.h:
1708         (MarkedSpace):
1709         (Subspace):
1710         (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of 
1711         allocators.
1712         (JSC):
1713         (JSC::MarkedSpace::destructorAllocatorFor): Ditto.
1714         (JSC::MarkedSpace::allocateWithoutDestructor): Ditto.
1715         (JSC::MarkedSpace::allocateWithDestructor): Ditto.
1716         (JSC::MarkedSpace::forEachBlock):
1717         * jit/JIT.h:
1718         * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others.
1719         (JSC::JIT::emitAllocateBasicJSObject):
1720         (JSC::JIT::emitAllocateJSFinalObject):
1721         (JSC::JIT::emitAllocateJSFunction):
1722         * runtime/JSArray.cpp:
1723         (JSC):
1724         * runtime/JSArray.h:
1725         (JSArray):
1726         (JSC::JSArray::create):
1727         (JSC):
1728         (JSC::JSArray::tryCreateUninitialized):
1729         * runtime/JSCell.h:
1730         (JSCell):
1731         (JSC):
1732         (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires 
1733         destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this 
1734         constant to decide whether to allocate in the destructor or destructor-free parts of the heap.
1735         (JSC::allocateCell): 
1736         * runtime/JSFunction.cpp:
1737         (JSC):
1738         * runtime/JSFunction.h:
1739         (JSFunction):
1740         * runtime/JSObject.cpp:
1741         (JSC):
1742         * runtime/JSObject.h:
1743         (JSNonFinalObject):
1744         (JSC):
1745         (JSFinalObject):
1746         (JSC::JSFinalObject::create):
1747
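An added C++ sketch of the compile-time subspace selection this entry describes for NeedsDestructor and allocateCell (illustrative code, not JavaScriptCore's): the ToyHeap, FinalObjectLike and StringHolderLike types are constructed for this example, and std::is_trivially_destructible stands in for the __has_trivial_destructor builtin the entry mentions.

```cpp
#include <cstddef>
#include <string>
#include <type_traits>
#include <utility>
#include <vector>

// Hypothetical cell types. FinalObjectLike has a trivial destructor; the
// second owns a std::string and so must be destructed when swept.
struct FinalObjectLike {
    int slots[4] = {0, 0, 0, 0};
};

struct StringHolderLike {
    std::string name;
    explicit StringHolderLike(std::string n) : name(std::move(n)) {}
};

// Same idea as the entry's NeedsDestructor: decided at compile time from the
// type, using the standard trait instead of the compiler builtin.
template <typename T>
struct NeedsDestructor {
    static constexpr bool value = !std::is_trivially_destructible<T>::value;
};

// Hypothetical heap with two subspaces. Cells in the destructor subspace get
// their destructor run on sweep; cells in the other subspace are only freed.
struct ToyHeap {
    struct Cell {
        void* ptr;
        void (*destroy)(void*);
    };
    std::vector<Cell> destructorSpace;
    std::vector<void*> destructorFreeSpace;
    size_t destructorsRun = 0;

    template <typename T>
    static void destroyCell(void* p) { delete static_cast<T*>(p); }

    // Pick the subspace from NeedsDestructor<T>::value, a compile-time constant.
    template <typename T, typename... Args>
    T* allocateCell(Args&&... args) {
        T* cell = new T(std::forward<Args>(args)...);
        if (NeedsDestructor<T>::value)
            destructorSpace.push_back(Cell{cell, &destroyCell<T>});
        else
            destructorFreeSpace.push_back(cell);
        return cell;
    }

    void sweep() {
        for (const Cell& c : destructorSpace) {
            c.destroy(c.ptr);
            ++destructorsRun;
        }
        destructorSpace.clear();
        // Trivially destructible cells: release the storage without a destructor call.
        for (void* p : destructorFreeSpace)
            ::operator delete(p);
        destructorFreeSpace.clear();
    }
};

// Allocate one cell of each kind and report how many landed in the
// destructor-free subspace (expected: only the FinalObjectLike).
size_t cellsInDestructorFreeSpace() {
    ToyHeap heap;
    heap.allocateCell<FinalObjectLike>();
    heap.allocateCell<StringHolderLike>("named");
    size_t n = heap.destructorFreeSpace.size();
    heap.sweep();
    return n;
}

// Allocate one trivially destructible and two destructor-needing cells, sweep,
// and report how many destructors were run (expected: 2).
size_t destructorsRunAfterSweep() {
    ToyHeap heap;
    heap.allocateCell<FinalObjectLike>();
    heap.allocateCell<StringHolderLike>("a");
    heap.allocateCell<StringHolderLike>("b");
    heap.sweep();
    return heap.destructorsRun;
}
```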
1748 2012-02-10  Adrienne Walker  <enne@google.com>
1749
1750         Remove implicit copy constructor usage in HashMaps with OwnPtr
1751         https://bugs.webkit.org/show_bug.cgi?id=78071
1752
1753         Reviewed by Darin Adler.
1754
1755         Change the return type of emptyValue() in PairHashTraits to be the
1756         actual type returned rather than the trait type to avoid an implicit
1757         generation of the OwnPtr copy constructor. This happens for hash
1758         traits involving OwnPtr where the empty value is not zero and each
1759         hash bucket needs to be initialized with emptyValue().
1760
1761         Also, update StructureTransitionTable to use default hash traits
1762         rather than rolling its own, in order to update it to handle
1763         EmptyValueType.
1764
1765         Test: patch from bug 74154 compiles on Clang with this patch
1766
1767         * runtime/StructureTransitionTable.h:
1768         (StructureTransitionTable):
1769         * wtf/HashTraits.h:
1770         (GenericHashTraits):
1771         (PairHashTraits):
1772         (WTF::PairHashTraits::emptyValue):
1773
1774 2012-02-10  Aron Rosenberg  <arosenberg@logitech.com>
1775
1776         [Qt] Fix compiler warning in Visual Studio 2010 about TR1
1777         https://bugs.webkit.org/show_bug.cgi?id=63642
1778
1779         Reviewed by Simon Hausmann.
1780
1781         * JavaScriptCore.pri:
1782
1783 2012-02-10  Michael Saboff  <msaboff@apple.com>
1784
1785         Yarr assert with regexp where alternative in *-quantified group matches empty
1786         https://bugs.webkit.org/show_bug.cgi?id=67752        
1787
1788         Reviewed by Gavin Barraclough.
1789
1790         Added backtracking for the prior alternative if it matched
1791         but didn't consume any input characters.
1792
1793         * yarr/YarrJIT.cpp:
1794         (YarrOp): New jump.
1795         (JSC::Yarr::YarrGenerator::generate): Emit conditional jump
1796         when an alternative matches and no input was consumed.  Moved the
1797         zero length match check for a set of alternatives to the alternative
1798         code from the parentheses cases to the alternative end cases.
1799         Converted the existing zero length checks in the parentheses cases
1800         to runtime assertion checks.
1801         (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack
1802         to prior term.
1803
1804 2012-02-10  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
1805
1806         [Qt] GC should be parallel on Qt platform
1807         https://bugs.webkit.org/show_bug.cgi?id=73309
1808
1809         Reviewed by Zoltan Herczeg.
1810
1811         These changes made the parallel GC feature available for the Qt port.
1812         The implementations of "registerGCThread" and "isMainThreadOrGCThread",
1813         and a local static function [initializeGCThreads], are moved from
1814         MainThreadMac.mm to the common MainThread.cpp to make them available
1815         for other platforms.
1816
1817         Measurement results:
1818         V8           speed-up:  1.025x as fast  [From: 663.4ms  To: 647.0ms ]
1819         V8 Splay     speed-up:  1.185x as fast  [From: 138.4ms  To: 116.8ms ]
1820
1821         Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
1822
1823         * JavaScriptCore.order:
1824         * wtf/MainThread.cpp:
1825         (WTF::initializeMainThread):
1826         (WTF):
1827         (WTF::initializeGCThreads):
1828         (WTF::registerGCThread):
1829         (WTF::isMainThreadOrGCThread):
1830         * wtf/MainThread.h:
1831         (WTF):
1832         * wtf/Platform.h:
1833         * wtf/mac/MainThreadMac.mm:
1834         (WTF):
1835
1836 2012-02-09  Andy Wingo  <wingo@igalia.com>
1837
1838         Eliminate dead code in BytecodeGenerator::resolve()
1839         https://bugs.webkit.org/show_bug.cgi?id=78242
1840
1841         Reviewed by Gavin Barraclough.
1842
1843         * bytecompiler/BytecodeGenerator.cpp:
1844         (JSC::BytecodeGenerator::resolve):
1845         BytecodeGenerator::shouldOptimizeLocals() is only true for
1846         FunctionCode, and thus cannot be true for GlobalCode.
1847
1848 2012-02-09  Andy Wingo  <wingo@igalia.com>
1849
1850         Remove BytecodeGenerator::isLocal
1851         https://bugs.webkit.org/show_bug.cgi?id=78241
1852
1853         Minor refactor to BytecodeGenerator.
1854
1855         Reviewed by Gavin Barraclough.
1856
1857         * bytecompiler/BytecodeGenerator.h:
1858         * bytecompiler/BytecodeGenerator.cpp:
1859         (JSC::BytecodeGenerator::isLocal):
1860         (JSC::BytecodeGenerator::isLocalConstant): Remove now-unused
1861         methods.
1862         * bytecompiler/NodesCodegen.cpp:
1863         (JSC::ResolveNode::isPure): Use the ResolveResult mechanism
1864         instead of isLocal.  This will recognize more resolve nodes as
1865         being pure.
1866         (JSC::PrefixResolveNode::emitBytecode): Use isReadOnly on the
1867         location instead of isLocalConstant.
1868
1869 2012-02-09  Oliver Hunt  <oliver@apple.com>
1870
1871         The JS Parser scope object needs a VectorTrait specialization
1872         https://bugs.webkit.org/show_bug.cgi?id=78308
1873
1874         Reviewed by Gavin Barraclough.
1875
1876         This showed up as a periodic crash in various bits of generated code
1877         originally, but I've added an assertion in the bytecode generator
1878         that makes the affected code much more crash-happy should it go
1879         wrong again.
1880
1881         * bytecompiler/BytecodeGenerator.cpp:
1882         (JSC::BytecodeGenerator::BytecodeGenerator):
1883         (JSC::BytecodeGenerator::resolve):
1884         * parser/Parser.cpp:
1885         * parser/Parser.h:
1886         (JSC):
1887         * runtime/JSActivation.h:
1888         (JSC::JSActivation::isValidScopedLookup):
1889         (JSActivation):
1890
1891 2012-02-08  Oliver Hunt  <oliver@apple.com>
1892
1893         Whoops, fix the build.
1894
1895         * runtime/Executable.cpp:
1896         (JSC::FunctionExecutable::FunctionExecutable):
1897
1898 2012-02-08  Oliver Hunt  <oliver@apple.com>
1899
1900         Fix issue encountered while debugging stacktraces
1901         https://bugs.webkit.org/show_bug.cgi?id=78147
1902
1903         Reviewed by Gavin Barraclough.
1904
1905         Debugging is easier if we always ensure that we have a non-null
1906         inferred name.
1907
1908         * runtime/Executable.cpp:
1909         (JSC::FunctionExecutable::FunctionExecutable):
1910
1911 2012-02-08  Oliver Hunt  <oliver@apple.com>
1912
1913         updateTopCallframe in the baseline JIT doesn't provide enough information to the stubs
1914         https://bugs.webkit.org/show_bug.cgi?id=78145
1915
1916         Reviewed by Gavin Barraclough.
1917
1918         Fix the updateTopCallFrame helper to store additional information
1919         that becomes necessary when we are trying to provide more stack
1920         frame information.
1921
1922         * interpreter/CallFrame.h:
1923         (JSC::ExecState::bytecodeOffsetForBaselineJIT):
1924         (ExecState):
1925         * jit/JIT.cpp:
1926         (JSC::JIT::privateCompile):
1927         * jit/JIT.h:
1928         (JSC::JIT::compileGetByIdProto):
1929         (JSC::JIT::compileGetByIdSelfList):
1930         (JSC::JIT::compileGetByIdProtoList):
1931         (JSC::JIT::compileGetByIdChainList):
1932         (JSC::JIT::compileGetByIdChain):
1933         (JSC::JIT::compilePutByIdTransition):
1934         (JIT):
1935         * jit/JITInlineMethods.h:
1936         (JSC::JIT::updateTopCallFrame):
1937
1938 2012-02-07  Robert Kroeger  <rjkroege@chromium.org>
1939
1940         [chromium] Remove the enable macro for the no longer necessary Chromium
1941         gesture recognizer.
1942         https://bugs.webkit.org/show_bug.cgi?id=77492
1943
1944         Reviewed by Adam Barth.
1945
1946         * wtf/Platform.h:
1947
1948 2012-02-07  Tony Chang  <tony@chromium.org>
1949
1950         merge DashboardSupportCSSPropertyNames.in into CSSPropertyNames.in
1951         https://bugs.webkit.org/show_bug.cgi?id=78036
1952
1953         Reviewed by Darin Adler.
1954
1955         * Configurations/FeatureDefines.xcconfig: Add ENABLE_DASHBOARD_SUPPORT to FEATURE_DEFINES.
1956
1957 2012-02-07  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1958
1959         [CMAKE] Use *bin* and *lib* directories for executable and libraries.
1960         https://bugs.webkit.org/show_bug.cgi?id=77928
1961
1962         Reviewed by Daniel Bates.
1963
1964         CMake has used the *Programs* directory for executables. In addition, shared libraries are being
1965         built in the source directory. It is better to set common places in order to maintain executables
1966         and libraries. *bin* is for executables and *lib* is for libraries.
1967
1968         * shell/CMakeLists.txt: Change *Programs* to *bin*.
1969
1970 2012-02-07  Gavin Barraclough  <barraclough@apple.com>
1971
1972         Crash on http://www.rickshawbags.com/
1973         https://bugs.webkit.org/show_bug.cgi?id=78045
1974
1975         Reviewed by Darin Adler.
1976
1977         Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()
1978         
1979         This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933:
1980         isVariableObject() checks were excluding StaticScopeObjects, and this patch
1981         inadvertently changed them to be included.
1982
1983         * runtime/JSType.h:
1984             - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
1985               and thus is excluded from isVariableObject() checks.
1986
1987 2012-02-06  Jer Noble  <jer.noble@apple.com>
1988
1989         Use CMClock as a timing source for PlatformClock where available.
1990         https://bugs.webkit.org/show_bug.cgi?id=77885
1991
1992         Reviewed by Eric Carlson.
1993
1994         * wtf/Platform.h: Added WTF_USE_COREMEDIA.
1995
1996 2012-02-06  Filip Pizlo  <fpizlo@apple.com>
1997
1998         ValueToNumber and ValueToDouble nodes don't do anything and should be removed
1999         https://bugs.webkit.org/show_bug.cgi?id=77855
2000         <rdar://problem/10811325>
2001
2002         Reviewed by Gavin Barraclough.
2003         
2004         Removed ValueToNumber and ValueToDouble, because the only thing they were doing
2005         was wasting registers.
2006         
2007         This looks like a 1% win on V8 (with a 5% win on crypto) and a 2-3% win on Kraken,
2008         mostly due to a >10% win on gaussian-blur. No win anywhere else.
2009
2010         * dfg/DFGAbstractState.cpp:
2011         (JSC::DFG::AbstractState::execute):
2012         * dfg/DFGByteCodeParser.cpp:
2013         (JSC::DFG::ByteCodeParser::getToInt32):
2014         (ByteCodeParser):
2015         (JSC::DFG::ByteCodeParser::handleMinMax):
2016         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2017         (JSC::DFG::ByteCodeParser::parseBlock):
2018         * dfg/DFGNode.h:
2019         (DFG):
2020         (JSC::DFG::Node::hasArithNodeFlags):
2021         * dfg/DFGPropagator.cpp:
2022         (JSC::DFG::Propagator::propagateArithNodeFlags):
2023         (JSC::DFG::Propagator::propagateNodePredictions):
2024         (JSC::DFG::Propagator::vote):
2025         (JSC::DFG::Propagator::doRoundOfDoubleVoting):
2026         (Propagator):
2027         (JSC::DFG::Propagator::fixupNode):
2028         (JSC::DFG::Propagator::canonicalize):
2029         * dfg/DFGSpeculativeJIT.cpp:
2030         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2031         * dfg/DFGSpeculativeJIT32_64.cpp:
2032         (JSC::DFG::SpeculativeJIT::compile):
2033         * dfg/DFGSpeculativeJIT64.cpp:
2034         (JSC::DFG::SpeculativeJIT::compile):
2035
2036 2012-02-06  Patrick Gansterer  <paroga@webkit.org>
2037
2038         Unreviewed WinCE build fix after r106197.
2039
2040         * tools/CodeProfiling.cpp:
2041         (JSC::CodeProfiling::notifyAllocator): getenv() isn't supported by WinCE. Don't call it.
2042
2043 2012-02-05  Gavin Barraclough  <barraclough@apple.com>
2044
2045         Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter
2046         https://bugs.webkit.org/show_bug.cgi?id=77451
2047
2048         Reviewed by Sam Weinig.
2049
2050         These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor.
2051         Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor.
2052
2053         * JavaScriptCore.exp:
2054         * debugger/DebuggerActivation.cpp:
2055         (JSC::DebuggerActivation::defineOwnProperty):
2056         * debugger/DebuggerActivation.h:
2057         (DebuggerActivation):
2058         * runtime/ClassInfo.h:
2059         (MethodTable):
2060         (JSC):
2061         * runtime/JSBoundFunction.cpp:
2062         (JSC::JSBoundFunction::finishCreation):
2063         * runtime/JSCell.cpp:
2064         (JSC):
2065         * runtime/JSCell.h:
2066         (JSCell):
2067         * runtime/JSFunction.cpp:
2068         (JSC::JSFunction::getOwnPropertySlot):
2069         (JSC::JSFunction::getOwnPropertyDescriptor):
2070         * runtime/JSGlobalObject.cpp:
2071         (JSC::JSGlobalObject::defineOwnProperty):
2072         (JSC):
2073         * runtime/JSGlobalObject.h:
2074         (JSGlobalObject):
2075         * runtime/JSObject.cpp:
2076         (JSC):
2077         * runtime/JSObject.h:
2078         (JSObject):
2079         * runtime/ObjectPrototype.cpp:
2080         (JSC::objectProtoFuncDefineGetter):
2081         (JSC::objectProtoFuncDefineSetter):
2082         (JSC::objectProtoFuncLookupGetter):
2083         (JSC::objectProtoFuncLookupSetter):
2084
2085 2012-02-06  Carlos Garcia Campos  <cgarcia@igalia.com>
2086
2087         Unreviewed. Fix make distcheck.
2088
2089         * GNUmakefile.list.am: Add missing files.
2090
2091 2012-02-05  Filip Pizlo  <fpizlo@apple.com>
2092
2093         DFG's child references from one node to another should have room for type information
2094         https://bugs.webkit.org/show_bug.cgi?id=77797
2095
2096         Reviewed by Oliver Hunt.
2097         
2098         The DFG::Node::child fields now contain both a DFG::NodeIndex (which is just an unsigned)
2099         and a DFG::UseKind (which is currently an effectively empty enum). They are encapsulated
2100         together as a DFG::NodeUse, which can in most cases still be used as an index (for
2101         example DFG::Graph, AbstractState, and SpeculativeJIT all accept NodeUse in most places
2102         where they really want a NodeIndex).
2103         
2104         The NodeUse stores both the index and the UseKind without bloating the memory usage of
2105         DFG::Node, since we really don't need full 32 bits for the NodeIndex (a DFG::Node is
2106         roughly 11 words, so if we assume that we never want to use more than 1GB to DFG compile
2107         something - likely a sensible assumption! - then we will only be able to have room for
2108         about 24 million nodes, which means we only need about 24.5 bits for the node index).
2109         Currently the DFG::NodeUse allocates 4 bits for the UseKind and 28 bits for the index,
2110         but stores the index as a signed number to make NoNode work naturally. Hence we really
2111         just have 27 bits for the index.
2112         
2113         This is performance-neutral on all benchmarks we track.
2114
2115         * JavaScriptCore.xcodeproj/project.pbxproj:
2116         * dfg/DFGAbstractState.h:
2117         (JSC::DFG::AbstractState::forNode):
2118         (AbstractState):
2119         * dfg/DFGByteCodeParser.cpp:
2120         (JSC::DFG::ByteCodeParser::getLocal):
2121         (JSC::DFG::ByteCodeParser::getArgument):
2122         (JSC::DFG::ByteCodeParser::toInt32):
2123         (JSC::DFG::ByteCodeParser::addVarArgChild):
2124         (JSC::DFG::ByteCodeParser::processPhiStack):
2125         * dfg/DFGCommon.h:
2126         * dfg/DFGGraph.cpp:
2127         (JSC::DFG::Graph::dump):
2128         (DFG):
2129         * dfg/DFGGraph.h:
2130         (Graph):
2131         (JSC::DFG::Graph::operator[]):
2132         (JSC::DFG::Graph::at):
2133         (JSC::DFG::Graph::ref):
2134         (JSC::DFG::Graph::deref):
2135         (JSC::DFG::Graph::clearAndDerefChild1):
2136         (JSC::DFG::Graph::clearAndDerefChild2):
2137         (JSC::DFG::Graph::clearAndDerefChild3):
2138         * dfg/DFGJITCompiler.h:
2139         (JSC::DFG::JITCompiler::getPrediction):
2140         * dfg/DFGNode.h:
2141         (JSC::DFG::Node::Node):
2142         (JSC::DFG::Node::child1):
2143         (JSC::DFG::Node::child1Unchecked):
2144         (JSC::DFG::Node::child2):
2145         (JSC::DFG::Node::child3):
2146         (JSC::DFG::Node::firstChild):
2147         (JSC::DFG::Node::numChildren):
2148         (JSC::DFG::Node::dumpChildren):
2149         (Node):
2150         * dfg/DFGNodeReferenceBlob.h: Added.
2151         (DFG):
2152         (NodeReferenceBlob):
2153         (JSC::DFG::NodeReferenceBlob::NodeReferenceBlob):
2154         (JSC::DFG::NodeReferenceBlob::child):
2155         (JSC::DFG::NodeReferenceBlob::child1):
2156         (JSC::DFG::NodeReferenceBlob::child2):
2157         (JSC::DFG::NodeReferenceBlob::child3):
2158         (JSC::DFG::NodeReferenceBlob::child1Unchecked):
2159         (JSC::DFG::NodeReferenceBlob::initialize):
2160         (JSC::DFG::NodeReferenceBlob::firstChild):
2161         (JSC::DFG::NodeReferenceBlob::setFirstChild):
2162         (JSC::DFG::NodeReferenceBlob::numChildren):
2163         (JSC::DFG::NodeReferenceBlob::setNumChildren):
2164         * dfg/DFGNodeUse.h: Added.
2165         (DFG):
2166         (NodeUse):
2167         (JSC::DFG::NodeUse::NodeUse):
2168         (JSC::DFG::NodeUse::indexUnchecked):
2169         (JSC::DFG::NodeUse::index):
2170         (JSC::DFG::NodeUse::setIndex):
2171         (JSC::DFG::NodeUse::useKind):
2172         (JSC::DFG::NodeUse::setUseKind):
2173         (JSC::DFG::NodeUse::isSet):
2174         (JSC::DFG::NodeUse::operator!):
2175         (JSC::DFG::NodeUse::operator==):
2176         (JSC::DFG::NodeUse::operator!=):
2177         (JSC::DFG::NodeUse::shift):
2178         (JSC::DFG::NodeUse::makeWord):
2179         (JSC::DFG::operator==):
2180         (JSC::DFG::operator!=):
2181         * dfg/DFGPropagator.cpp:
2182         (JSC::DFG::Propagator::propagateArithNodeFlags):
2183         (JSC::DFG::Propagator::vote):
2184         (JSC::DFG::Propagator::toDouble):
2185         (JSC::DFG::Propagator::fixupNode):
2186         (JSC::DFG::Propagator::canonicalize):
2187         (JSC::DFG::Propagator::startIndex):
2188         (JSC::DFG::Propagator::globalVarLoadElimination):
2189         (JSC::DFG::Propagator::getByValLoadElimination):
2190         (JSC::DFG::Propagator::getByOffsetLoadElimination):
2191         (JSC::DFG::Propagator::performSubstitution):
2192         (JSC::DFG::Propagator::performNodeCSE):
2193         * dfg/DFGScoreBoard.h:
2194         (JSC::DFG::ScoreBoard::use):
2195         * dfg/DFGSpeculativeJIT.cpp:
2196         (JSC::DFG::SpeculativeJIT::useChildren):
2197         (JSC::DFG::SpeculativeJIT::writeBarrier):
2198         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
2199         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
2200         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2201         (JSC::DFG::SpeculativeJIT::compileMovHint):
2202         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2203         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
2204         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
2205         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
2206         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
2207         (JSC::DFG::SpeculativeJIT::compileAdd):
2208         (JSC::DFG::SpeculativeJIT::compileArithSub):
2209         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
2210         (JSC::DFG::SpeculativeJIT::compileStrictEq):
2211         * dfg/DFGSpeculativeJIT.h:
2212         (JSC::DFG::SpeculativeJIT::at):
2213         (JSC::DFG::SpeculativeJIT::canReuse):
2214         (JSC::DFG::SpeculativeJIT::use):
2215         (SpeculativeJIT):
2216         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2217         (JSC::DFG::SpeculativeJIT::speculationCheck):
2218         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
2219         (JSC::DFG::IntegerOperand::IntegerOperand):
2220         (JSC::DFG::DoubleOperand::DoubleOperand):
2221         (JSC::DFG::JSValueOperand::JSValueOperand):
2222         (JSC::DFG::StorageOperand::StorageOperand):
2223         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
2224         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
2225         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
2226         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
2227         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
2228         * dfg/DFGSpeculativeJIT32_64.cpp:
2229         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
2230         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
2231         (JSC::DFG::SpeculativeJIT::cachedPutById):
2232         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
2233         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
2234         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
2235         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2236         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2237         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
2238         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
2239         (JSC::DFG::SpeculativeJIT::emitCall):
2240         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2241         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
2242         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2243         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2244         (JSC::DFG::SpeculativeJIT::emitBranch):
2245         (JSC::DFG::SpeculativeJIT::compile):
2246         * dfg/DFGSpeculativeJIT64.cpp:
2247         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
2248         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
2249         (JSC::DFG::SpeculativeJIT::cachedPutById):
2250         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
2251         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
2252         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
2253         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2254         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2255         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
2256         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
2257         (JSC::DFG::SpeculativeJIT::emitCall):
2258         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2259         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2260         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
2261         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2262         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2263         (JSC::DFG::SpeculativeJIT::emitBranch):
2264         (JSC::DFG::SpeculativeJIT::compile):
2265
2266 2012-02-05  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2267
2268         [CMAKE] Support javascriptcore test for EFL port. 
2269         https://bugs.webkit.org/show_bug.cgi?id=77425
2270
2271         Reviewed by Daniel Bates.
2272
        The EFL and WinCE ports, as well as the BlackBerry port, now use CMake as their build system
        and share the make file that creates the jsc executable. In order to run
        "run-javascriptcore-tests", the EFL port needs to change the jsc installation configuration
        to use the executable output directory (e.g. Programs). So, this patch changes the jsc installation
        configuration only for the EFL port.
2278
2279         * shell/CMakeLists.txt:
2280
2281 2012-02-04  Gavin Barraclough  <barraclough@apple.com>
2282
2283         Rubber stamped by Sam Weinig.
2284
2285         * yarr/YarrPattern.cpp:
2286         (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
2287             - Fix comment.
2288
2289 2012-02-04  Kalev Lember  <kalevlember@gmail.com>
2290
2291         [GTK] CurrentTime: Reorder headers for win32
2292         https://bugs.webkit.org/show_bug.cgi?id=77808
2293
2294         Reviewed by Martin Robinson.
2295
        In the GTK+ win32 port, the monotonicallyIncreasingTime() implementation is
        based on g_get_monotonic_time(). Reorder headers to make sure glib.h
        gets included even when the platform is win32.
2299
2300         CurrentTime.cpp: In function 'double WTF::monotonicallyIncreasingTime()':
2301         CurrentTime.cpp:321:53: error: 'g_get_monotonic_time' was not declared in this scope
2302         CurrentTime.cpp:322:1: warning: control reaches end of non-void function [-Wreturn-type]
2303
2304         * wtf/CurrentTime.cpp:
2305
2306 2012-02-03  Anders Carlsson  <andersca@apple.com>
2307
2308         Prefix the typedef in WTF_MAKE_FAST_ALLOCATED with underscores
2309         https://bugs.webkit.org/show_bug.cgi?id=77788
2310
2311         Reviewed by Andreas Kling.
2312
2313         The current typedef name, 'ThisIsHereToForceASemicolonAfterThisMacro', shows up when trying to 
2314         code-complete 'this' in Xcode. Prefix the typedef with two underscores to stop this from happening.
2315
2316         * wtf/FastAllocBase.h:
2317
2318 2012-02-03  Rob Buis  <rbuis@rim.com>
2319
2320         Fix alignment warnings in ARMv7
2321         https://bugs.webkit.org/show_bug.cgi?id=55368
2322
2323         Reviewed by Filip Pizlo.
2324
2325         Use reinterpret_cast_ptr and static_cast to get rid of alignment issues in ARMv7 code.
2326
2327         * heap/HandleTypes.h:
2328         (JSC::HandleTypes::getFromSlot):
2329         * heap/MarkedBlock.cpp:
2330         (JSC::MarkedBlock::specializedSweep):
2331         * heap/MarkedBlock.h:
2332         (JSC::MarkedBlock::forEachCell):
2333         * runtime/WriteBarrier.h:
2334         (JSC::WriteBarrierBase::get):
2335         (JSC::WriteBarrierBase::unvalidatedGet):
2336
2337 2012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
2338
2339         Build fix
2340
2341         Unreviewed build fix
2342
2343         Forgot to add a couple files.
2344
2345         * heap/MarkedAllocator.cpp: Added.
2346         (JSC):
2347         (JSC::MarkedAllocator::tryAllocateHelper):
2348         (JSC::MarkedAllocator::tryAllocate):
2349         (JSC::MarkedAllocator::allocateSlowCase):
2350         (JSC::MarkedAllocator::allocateBlock):
2351         (JSC::MarkedAllocator::addBlock):
2352         (JSC::MarkedAllocator::removeBlock):
2353         * heap/MarkedAllocator.h: Added.
2354         (JSC):
2355         (DFG):
2356         (MarkedAllocator):
2357         (JSC::MarkedAllocator::cellSize):
2358         (JSC::MarkedAllocator::heap):
2359         (JSC::MarkedAllocator::setHeap):
2360         (JSC::MarkedAllocator::setCellSize):
2361         (JSC::MarkedAllocator::setMarkedSpace):
2362         (JSC::MarkedAllocator::MarkedAllocator):
2363         (JSC::MarkedAllocator::allocate):
2364         (JSC::MarkedAllocator::reset):
2365         (JSC::MarkedAllocator::zapFreeList):
2366         (JSC::MarkedAllocator::forEachBlock):
2367
2368 2012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
2369
2370         Refactor MarkedBlock::SizeClass into a separate class
2371         https://bugs.webkit.org/show_bug.cgi?id=77600
2372
2373         Reviewed by Geoffrey Garen.
2374
2375         We pulled SizeClass out into its own class, named MarkedAllocator, and gave it
2376         the responsibility of allocating objects from the collection of MarkedBlocks 
2377         that it manages. Also limited the amount of coupling to internal data fields 
2378         from other places, although it's mostly unavoidable in the JIT code.
2379
2380         Eventually MarkedAllocator will implement various policies to do with object 
2381         management, e.g. whether or not to run destructors on objects that it manages.
2382         MarkedSpace will manage a collection of MarkedAllocators with varying policies,
2383         as it does now but to a larger extent. 
2384
2385         * CMakeLists.txt:
2386         * GNUmakefile.list.am:
2387         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2388         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2389         * JavaScriptCore.xcodeproj/project.pbxproj:
2390         * Target.pri:
2391         * dfg/DFGSpeculativeJIT.h:
2392         (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
2393         * heap/Heap.cpp:
2394         (JSC::Heap::collect):
2395         (JSC::Heap::resetAllocators):
2396         * heap/Heap.h:
2397         (JSC::Heap::allocatorForObject):
2398         (Heap):
2399         * heap/MarkedAllocator.cpp: Added.
2400         (JSC):
2401         (JSC::MarkedAllocator::tryAllocateHelper):
2402         (JSC::MarkedAllocator::tryAllocate):
2403         (JSC::MarkedAllocator::allocateSlowCase):
2404         (JSC::MarkedAllocator::allocateBlock):
2405         (JSC::MarkedAllocator::addBlock):
2406         (JSC::MarkedAllocator::removeBlock):
2407         * heap/MarkedAllocator.h: Added.
2408         (JSC):
2409         (DFG):
2410         (MarkedAllocator):
2411         (JSC::MarkedAllocator::cellSize):
2412         (JSC::MarkedAllocator::heap):
2413         (JSC::MarkedAllocator::setHeap):
2414         (JSC::MarkedAllocator::setCellSize):
2415         (JSC::MarkedAllocator::setMarkedSpace):
2416         (JSC::MarkedAllocator::MarkedAllocator):
2417         (JSC::MarkedAllocator::allocate):
2418         (JSC::MarkedAllocator::reset):
2419         (JSC::MarkedAllocator::zapFreeList):
2420         (JSC::MarkedAllocator::forEachBlock):
2421         * heap/MarkedSpace.cpp:
2422         (JSC::MarkedSpace::MarkedSpace):
2423         (JSC::MarkedSpace::resetAllocators):
2424         (JSC::MarkedSpace::canonicalizeCellLivenessData):
2425         (JSC::TakeIfUnmarked::operator()):
2426         * heap/MarkedSpace.h:
2427         (MarkedSpace):
2428         (JSC::MarkedSpace::allocatorFor):
2429         (JSC::MarkedSpace::allocate):
2430         (JSC::MarkedSpace::forEachBlock):
2431         (JSC::MarkedSpace::didAddBlock):
2432         (JSC::MarkedSpace::didConsumeFreeList):
2433         * jit/JITInlineMethods.h:
2434         (JSC::JIT::emitAllocateBasicJSObject):
2435
2436 2012-02-03  Simon Hausmann  <simon.hausmann@nokia.com>
2437
2438         [Qt] Replace GNU linker script for exports with export macros in WTF/JSC
2439         https://bugs.webkit.org/show_bug.cgi?id=77723
2440
2441         Reviewed by Tor Arne Vestbø.
2442
2443         * wtf/Platform.h: Enable use of export macros.
2444
2445 2012-02-02  Hajime Morrita  <morrita@chromium.org>
2446
        Unreviewed, removing an unnecessary JS_PRIVATE_EXPORT annotation.
2448
2449         * interpreter/Interpreter.h:
2450         (Interpreter):
2451
2452 2012-01-31  Hajime Morrita  <morrita@chromium.org>
2453
2454         [Mac] eliminate JavaScriptCore.exp
2455         https://bugs.webkit.org/show_bug.cgi?id=72854
2456
2457         Reviewed by Darin Adler.
2458
2459         - Removed exp files and corresponding makefile entries.
        - Changed the build configuration not to use the exp file.
2461
2462         * Configurations/JavaScriptCore.xcconfig:
2463         * DerivedSources.make:
2464         * JavaScriptCore.JSVALUE32_64only.exp: Removed.
2465         * JavaScriptCore.JSVALUE64only.exp: Removed.
2466         * JavaScriptCore.exp: Removed.
2467         * JavaScriptCore.xcodeproj/project.pbxproj:
2468         * wtf/Platform.h:
2469
2470 2012-02-02  Benjamin Poulain  <bpoulain@apple.com>
2471
2472         Running a Web Worker on about:blank crashes the interpreter
2473         https://bugs.webkit.org/show_bug.cgi?id=77593
2474
2475         Reviewed by Michael Saboff.
2476
        The method Interpreter::execute() was crashing on empty programs because
        it assumes the source is not null.

        This patch shortcuts the execution when the String is null to avoid an invalid
        memory access.
2482
2483         * interpreter/Interpreter.cpp:
2484         (JSC::Interpreter::execute):
2485
2486 2012-02-02  Kalev Lember  <kalevlember@gmail.com>
2487
2488         [GTK] Use win32 native threading
2489         https://bugs.webkit.org/show_bug.cgi?id=77676
2490
2491         Reviewed by Martin Robinson.
2492
2493         r97269 switched from glib threading to pthreads, breaking win32 GTK+.
2494         This is a follow up, removing some leftovers in ThreadSpecific.h and
2495         switching win32 to use the native threading in ThreadingWin.cpp.
2496
2497         * GNUmakefile.list.am: Compile in win32 native threading support
2498         * wtf/ThreadSpecific.h: Remove GTK+-specific definitions
2499         (ThreadSpecific):
2500         (WTF::::destroy):
2501
2502 2012-02-02  Filip Pizlo  <fpizlo@apple.com>
2503
2504         retrieveCallerFromVMCode should call trueCallerFrame
2505         https://bugs.webkit.org/show_bug.cgi?id=77684
2506
2507         Reviewed by Oliver Hunt.
2508
2509         * interpreter/Interpreter.cpp:
2510         (JSC::Interpreter::retrieveCallerFromVMCode):
2511
2512 2012-02-02  Kalev Lember  <kalevlember@gmail.com>
2513
2514         [GTK] Implement current executable path finding for win32
2515         https://bugs.webkit.org/show_bug.cgi?id=77677
2516
2517         Reviewed by Martin Robinson.
2518
2519         The WTF helper for getting the binary path that was added in r101710
2520         left out the win32 implementation. Fix this.
2521
2522         * wtf/gobject/GlibUtilities.cpp:
2523         (getCurrentExecutablePath):
2524
2525 2012-02-02  Filip Pizlo  <fpizlo@apple.com>
2526
2527         Throwing away bytecode and then reparsing during DFG optimization is just
2528         plain wrong and makes things crash
2529         https://bugs.webkit.org/show_bug.cgi?id=77680
2530         <rdar://problem/10798490>
2531
2532         Reviewed by Oliver Hunt.
2533
2534         This is the minimal surgical fix: it removes the code that triggered bytecode
2535         throw-away. Once we're confident that this is a good idea, we can kill all of
2536         the code that implements the feature.
2537
2538         * bytecode/CodeBlock.h:
2539         (JSC::CodeBlock::discardBytecodeLater):
2540         (JSC::CodeBlock::addValueProfile):
2541         * jit/JITDriver.h:
2542         (JSC::jitCompileIfAppropriate):
2543         (JSC::jitCompileFunctionIfAppropriate):
2544
2545 2012-02-02  Filip Pizlo  <fpizlo@apple.com>
2546
2547         Release build debugging should be easier
2548         https://bugs.webkit.org/show_bug.cgi?id=77669
2549
2550         Reviewed by Gavin Barraclough.
2551
2552         * assembler/ARMAssembler.h:
2553         (ARMAssembler):
2554         (JSC::ARMAssembler::debugOffset):
2555         * assembler/ARMv7Assembler.h:
2556         (ARMv7Assembler):
2557         (JSC::ARMv7Assembler::debugOffset):
2558         (ARMInstructionFormatter):
2559         (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
2560         * assembler/AbstractMacroAssembler.h:
2561         (AbstractMacroAssembler):
2562         (JSC::AbstractMacroAssembler::debugOffset):
2563         * assembler/AssemblerBuffer.h:
2564         (AssemblerBuffer):
2565         (JSC::AssemblerBuffer::debugOffset):
2566         * assembler/LinkBuffer.h:
2567         (LinkBuffer):
2568         (JSC::LinkBuffer::debugSize):
2569         * assembler/MIPSAssembler.h:
2570         (MIPSAssembler):
2571         (JSC::MIPSAssembler::debugOffset):
2572         * assembler/X86Assembler.h:
2573         (X86Assembler):
2574         (JSC::X86Assembler::debugOffset):
2575         (X86InstructionFormatter):
2576         (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
2577         * bytecode/CodeBlock.cpp:
2578         (JSC):
2579         * bytecode/CodeBlock.h:
2580         (CodeBlock):
2581         * bytecode/CodeOrigin.h:
2582         (CodeOrigin):
2583         (JSC):
2584         (JSC::CodeOrigin::inlineStack):
2585         * bytecode/DFGExitProfile.h:
2586         (JSC::DFG::exitKindToString):
2587         * bytecode/DataFormat.h:
2588         (JSC::dataFormatToString):
2589         * bytecode/PredictedType.cpp:
2590         (JSC):
2591         (JSC::predictionToString):
2592         * bytecode/PredictedType.h:
2593         (JSC):
2594         * bytecode/ValueRecovery.h:
2595         (ValueRecovery):
2596         (JSC::ValueRecovery::dump):
2597         * bytecompiler/BytecodeGenerator.cpp:
2598         (JSC):
2599         (JSC::BytecodeGenerator::setDumpsGeneratedCode):
2600         (JSC::BytecodeGenerator::dumpsGeneratedCode):
2601         (JSC::BytecodeGenerator::generate):
2602         * dfg/DFGAbstractValue.h:
2603         (StructureAbstractValue):
2604         (JSC::DFG::StructureAbstractValue::dump):
2605         (AbstractValue):
2606         (JSC::DFG::AbstractValue::dump):
2607         * dfg/DFGAssemblyHelpers.h:
2608         (DFG):
2609         (AssemblyHelpers):
2610         (JSC::DFG::AssemblyHelpers::debugCall):
2611         * dfg/DFGFPRInfo.h:
2612         (FPRInfo):
2613         (JSC::DFG::FPRInfo::debugName):
2614         * dfg/DFGGPRInfo.h:
2615         (GPRInfo):
2616         (JSC::DFG::GPRInfo::debugName):
2617         * dfg/DFGGraph.cpp:
2618         (DFG):
2619         * dfg/DFGGraph.h:
2620         (Graph):
2621         * dfg/DFGNode.h:
2622         (DFG):
2623         (JSC::DFG::arithNodeFlagsAsString):
2624         (Node):
2625         (JSC::DFG::Node::hasIdentifier):
2626         (JSC::DFG::Node::dumpChildren):
2627         * dfg/DFGOSRExit.cpp:
2628         (DFG):
2629         (JSC::DFG::OSRExit::dump):
2630         * dfg/DFGOSRExit.h:
2631         (OSRExit):
2632         * runtime/JSValue.cpp:
2633         (JSC):
2634         (JSC::JSValue::description):
2635         * runtime/JSValue.h:
2636         (JSValue):
2637         * wtf/BitVector.cpp:
2638         (WTF):
2639         (WTF::BitVector::dump):
2640         * wtf/BitVector.h:
2641         (BitVector):
2642
2643 2012-02-02  Oliver Hunt  <oliver@apple.com>
2644
2645         Getters and setters cause line numbers in errors/console.log to be offset for the whole file
2646         https://bugs.webkit.org/show_bug.cgi?id=77675
2647
2648         Reviewed by Timothy Hatcher.
2649
2650         Our default literal parsing logic doesn't handle the extra work required for
2651         getters and setters.  When it encounters one, it rolls back the lexer and 
2652         then switches to a more complete parsing function.  Unfortunately it was only
2653         winding back the character position, and was ignoring the line number and
2654         other lexer data.  This led to every getter and setter causing the line number
2655         to be incorrectly incremented leading to increasingly incorrect numbers for
2656         the rest of the file.
2657
2658         * parser/Parser.cpp:
2659         (JSC::::parseObjectLiteral):
2660
2661 2012-02-02  Andy Wingo  <wingo@igalia.com>
2662
2663         Fix type punning warning in HashTable.h debug builds
2664         https://bugs.webkit.org/show_bug.cgi?id=77422
2665
2666         Reviewed by Gavin Barraclough.
2667
2668         * wtf/HashTable.h (WTF::HashTable::checkKey): Fix type punning
2669         warning appearing in debug builds with gcc-4.6.2 on GNU/Linux.
2670
2671 2012-02-01  Michael Saboff  <msaboff@apple.com>
2672
2673         Yarr crash with regexp replace
2674         https://bugs.webkit.org/show_bug.cgi?id=67454
2675
2676         Reviewed by Gavin Barraclough.
2677
2678         Properly handle the case of a back reference to an unmatched
2679         subpattern by always matching without consuming any characters.
2680
2681         * yarr/YarrInterpreter.cpp:
2682         (JSC::Yarr::Interpreter::matchBackReference):
2683         (JSC::Yarr::Interpreter::backtrackBackReference):
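
        Added example (not WebKit code and not part of this ChangeLog): the
        ECMAScript behaviour the fix above restores is that a back reference to
        a capture group which did not participate in the match succeeds and
        consumes no characters, rather than failing as in some other regex
        dialects. The inputs below are constructed for the example.

```javascript
// Added example, not part of WebKit or this ChangeLog. Exercises the
// ECMAScript rule that a back reference to a capture group which did not
// participate in the match succeeds and consumes nothing. An engine that
// treats the unmatched group's bounds as valid indices (the bug the entry
// above fixes) would read out of bounds instead; these checks make the
// expected behaviour explicit.

// Runs a pattern whose \1 refers to an optional group that may be unmatched.
// Returns the overall match and the group's capture (undefined if unmatched),
// or null if there is no match at all.
function matchUnmatchedBackReference(input) {
  const m = /(a)?\1b/.exec(input);
  return m === null ? null : { matched: m[0], group1: m[1] };
}

// The replace path named in the bug title: a global replace where the back
// reference points at a group that participates in some matches and not in
// others. Each match is bracketed so the consumed text is visible.
function bracketMatches(input) {
  return input.replace(/(x)?\1y/g, "[$&]");
}

// Cross-checks constructed inputs against the specified results.
// Returns true when every case behaves per the specification.
function selfCheck() {
  const cases = [
    // input, expected overall match, expected group 1
    ["b", "b", undefined],   // group unmatched: \1 matches the empty string
    ["aab", "aab", "a"],     // group matched: \1 must repeat its text
    ["ab", "b", undefined],  // \1 cannot repeat "a", so the engine backtracks
                             // into the unmatched state and matches "b" alone
    ["c", null, undefined],  // no match at all
  ];
  return cases.every(([input, matched, group1]) => {
    const r = matchUnmatchedBackReference(input);
    if (matched === null) return r === null;
    return r !== null && r.matched === matched && r.group1 === group1;
  });
}
```

        Running selfCheck() on a conforming engine returns true; the "ab" case
        is the interesting one, because the engine first captures "a", fails
        on \1, and then has to backtrack into the state where the group never
        matched.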
2684
2685 2012-02-01  Gavin Barraclough  <barraclough@apple.com>
2686
2687         calling function on catch block scope containing an eval result in wrong this value being passed
2688         https://bugs.webkit.org/show_bug.cgi?id=77581
2689
2690         Reviewed by Oliver Hunt.
2691
2692         javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); }
2693
2694         * bytecompiler/NodesCodegen.cpp:
2695         (JSC::TryNode::emitBytecode):
2696         * interpreter/Interpreter.cpp:
2697         (JSC::Interpreter::execute):
2698         * parser/ASTBuilder.h:
2699         (JSC::ASTBuilder::createTryStatement):
2700         * parser/NodeConstructors.h:
2701         (JSC::TryNode::TryNode):
2702         * parser/Nodes.h:
2703         (TryNode):
2704         * parser/Parser.cpp:
2705         (JSC::::parseTryStatement):
2706         * parser/SyntaxChecker.h:
2707         (JSC::SyntaxChecker::createTryStatement):
2708         * runtime/JSObject.h:
2709         (JSObject):
2710         (JSC::JSObject::isStaticScopeObject):
2711         (JSC):
2712
2713 2012-02-01  Oliver Hunt  <oliver@apple.com>
2714
2715         Add support for inferred function names
2716         https://bugs.webkit.org/show_bug.cgi?id=77579
2717
2718         Reviewed by Gavin Barraclough.
2719
2720         Add new "inferred" names to function expressions, getters, and setters.
2721         This property is not exposed to JS, so is only visible in the debugger
2722         and profiler.
2723
2724         * JavaScriptCore.exp:
2725         * bytecompiler/BytecodeGenerator.h:
2726         (JSC::BytecodeGenerator::makeFunction):
2727         * debugger/DebuggerCallFrame.cpp:
2728         (JSC::DebuggerCallFrame::calculatedFunctionName):
2729         * parser/ASTBuilder.h:
2730         (JSC::ASTBuilder::createAssignResolve):
2731         (JSC::ASTBuilder::createGetterOrSetterProperty):
2732         (JSC::ASTBuilder::createProperty):
2733         (JSC::ASTBuilder::makeAssignNode):
2734         * parser/Nodes.h:
2735         (JSC::FunctionBodyNode::setInferredName):
2736         (JSC::FunctionBodyNode::inferredName):
2737         (FunctionBodyNode):
2738         * profiler/Profiler.cpp:
2739         (JSC):
2740         (JSC::Profiler::createCallIdentifier):
2741         (JSC::createCallIdentifierFromFunctionImp):
2742         * runtime/Executable.cpp:
2743         (JSC::FunctionExecutable::FunctionExecutable):
2744         (JSC::FunctionExecutable::fromGlobalCode):
2745         * runtime/Executable.h:
2746         (JSC::FunctionExecutable::create):
2747         (JSC::FunctionExecutable::inferredName):
2748         (FunctionExecutable):
2749         * runtime/JSFunction.cpp:
2750         (JSC::JSFunction::calculatedDisplayName):
2751         (JSC):
2752         (JSC::getCalculatedDisplayName):
2753         * runtime/JSFunction.h:
2754         (JSC):
2755
2756 2012-02-01  Filip Pizlo  <fpizlo@apple.com>
2757
2758         DFG should fold double-to-int conversions
2759         https://bugs.webkit.org/show_bug.cgi?id=77532
2760
2761         Reviewed by Oliver Hunt.
2762         
2763         Performance neutral on major benchmarks. But it makes calling V8's
2764         Math.random() 4x faster.
2765
2766         * bytecode/CodeBlock.cpp:
2767         (JSC):
2768         (JSC::CodeBlock::addOrFindConstant):
2769         * bytecode/CodeBlock.h:
2770         (JSC::CodeBlock::addConstant):
2771         (CodeBlock):
2772         * dfg/DFGAbstractState.cpp:
2773         (JSC::DFG::AbstractState::execute):
2774         * dfg/DFGByteCodeParser.cpp:
2775         (JSC::DFG::ByteCodeParser::toInt32):
2776         (ByteCodeParser):
2777         (JSC::DFG::ByteCodeParser::getJSConstantForValue):
2778         (JSC::DFG::ByteCodeParser::isInt32Constant):
2779         * dfg/DFGGraph.h:
2780         (JSC::DFG::Graph::addShouldSpeculateInteger):
2781         (Graph):
2782         (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
2783         * dfg/DFGPropagator.cpp:
2784         (JSC::DFG::Propagator::propagateNodePredictions):
2785         (JSC::DFG::Propagator::doRoundOfDoubleVoting):
2786         (JSC::DFG::Propagator::fixupNode):
2787         * dfg/DFGSpeculativeJIT.cpp:
2788         (JSC::DFG::SpeculativeJIT::compileAdd):
2789         (DFG):
2790         (JSC::DFG::SpeculativeJIT::compileArithSub):
2791         * dfg/DFGSpeculativeJIT.h:
2792         (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
2793         (SpeculativeJIT):
2794         * dfg/DFGSpeculativeJIT32_64.cpp:
2795         (JSC::DFG::SpeculativeJIT::compile):
2796         * dfg/DFGSpeculativeJIT64.cpp:
2797         (JSC::DFG::SpeculativeJIT::compile):
2798         * runtime/JSValueInlineMethods.h:
2799         (JSC::JSValue::asDouble):
2800
2801 2012-02-01  Filip Pizlo  <fpizlo@apple.com>
2802
2803         DFG graph dump for GetScopedVar should show the correct prediction
2804         https://bugs.webkit.org/show_bug.cgi?id=77530
2805
2806         Reviewed by Geoff Garen.
2807         
2808         GetScopedVar has a heap prediction, not a variable prediction. But it does
2809         have a variable. Hence we need to check for heap predictions before checking
2810         for variable predictions.
2811
2812         * dfg/DFGGraph.cpp:
2813         (JSC::DFG::Graph::dump):
2814
2815 2012-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
2816
2817         Replace JSArray destructor with finalizer
2818         https://bugs.webkit.org/show_bug.cgi?id=77488
2819
2820         Reviewed by Geoffrey Garen.
2821
2822         * JavaScriptCore.exp:
2823         * runtime/JSArray.cpp:
2824         (JSC::JSArray::finalize): Added finalizer.
2825         (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps.
2826         (JSC):
2827         (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps.
        (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode 
        because the old name was confusing: we could have a sparse array that never 
        called enterSparseMode.
2831         (JSC::JSArray::defineOwnNumericProperty):
2832         (JSC::JSArray::setLengthWritable):
2833         (JSC::JSArray::putByIndexBeyondVectorLength):
2834         (JSC::JSArray::setLength):
2835         (JSC::JSArray::pop):
2836         (JSC::JSArray::sort):
2837         (JSC::JSArray::compactForSorting):
2838         * runtime/JSArray.h:
2839         (JSArray):
2840
2841 2012-02-01  Andy Wingo  <wingo@igalia.com>
2842
2843         Refactor identifier resolution in BytecodeGenerator
2844         https://bugs.webkit.org/show_bug.cgi?id=76285
2845
2846         Reviewed by Geoffrey Garen.
2847
2848         * bytecompiler/BytecodeGenerator.h:
2849         (JSC::ResolveResult): New class, to describe the storage
2850         location corresponding to an identifier in a program.
2851         * bytecompiler/BytecodeGenerator.cpp:
2852         (JSC::BytecodeGenerator::resolve): New function, replacing
2853         findScopedProperty.
2854         (JSC::BytecodeGenerator::resolveConstDecl): New function,
2855         encapsulating what ConstDeclNode::emitBytecode used to do.
2856         (JSC::BytecodeGenerator::emitGetStaticVar):
2857         (JSC::BytecodeGenerator::emitPutStaticVar): New functions,
2858         corresponding to the old emitGetScopedVar and emitPutScopedVar.
2859         (JSC::BytecodeGenerator::registerFor): Remove version that took an
2860         Identifier&; replaced by ResolveResult::local().
2861         (JSC::BytecodeGenerator::emitResolve):
2862         (JSC::BytecodeGenerator::emitResolveBase):
2863         (JSC::BytecodeGenerator::emitResolveBaseForPut):
2864         (JSC::BytecodeGenerator::emitResolveWithBase):
2865         (JSC::BytecodeGenerator::emitResolveWithThis): Change to accept a
2866         "resolveResult" argument.  This is more clear, and reduces the
2867         amount of double analysis happening at compile-time.
2868         * bytecompiler/NodesCodegen.cpp:
2869         (JSC::ResolveNode::emitBytecode):
2870         (JSC::EvalFunctionCallNode::emitBytecode):
2871         (JSC::FunctionCallResolveNode::emitBytecode):
2872         (JSC::PostfixResolveNode::emitBytecode):
2873         (JSC::DeleteResolveNode::emitBytecode):
2874         (JSC::TypeOfResolveNode::emitBytecode):
2875         (JSC::PrefixResolveNode::emitBytecode):
2876         (JSC::ReadModifyResolveNode::emitBytecode):
2877         (JSC::AssignResolveNode::emitBytecode):
2878         (JSC::ConstDeclNode::emitCodeSingle):
2879         (JSC::ForInNode::emitBytecode): Refactor to use the new
2880         ResolveResult structure.
2881
2882 2012-02-01  Csaba Osztrogonác  <ossy@webkit.org>
2883
2884         Implement Error.stack
2885         https://bugs.webkit.org/show_bug.cgi?id=66994
2886
2887         Unreviewed, rolling out r106407.
2888
2889         * JavaScriptCore.exp:
2890         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2891         * interpreter/AbstractPC.cpp:
2892         (JSC::AbstractPC::AbstractPC):
2893         * interpreter/Interpreter.cpp:
2894         (JSC::Interpreter::throwException):
2895         * interpreter/Interpreter.h:
2896         (JSC):
2897         (Interpreter):
2898         * jsc.cpp:
2899         (GlobalObject::finishCreation):
2900         * parser/Parser.h:
2901         (JSC::::parse):
2902         * runtime/CommonIdentifiers.h:
2903         * runtime/Error.cpp:
2904         (JSC::addErrorInfo):
2905         * runtime/Error.h:
2906         (JSC):
2907
2908 2012-01-31  Hajime Morrita  <morrita@chromium.org>
2909
2910         Add missing JS_PRIVATE_EXPORTs
2911         https://bugs.webkit.org/show_bug.cgi?id=77507
2912
2913         Reviewed by Kevin Ollivier.
2914
2915         * heap/MarkedSpace.h:
2916         (MarkedSpace):
2917         * interpreter/Interpreter.h:
2918         (Interpreter):
2919         * runtime/JSValue.h:
2920         (JSValue):
2921         * wtf/text/AtomicString.h:
2922         (WTF::AtomicString::add):
2923         * wtf/text/WTFString.h:
2924         (WTF):
2925
2926 2012-01-31  Geoffrey Garen  <ggaren@apple.com>
2927
2928         Stop using -fomit-frame-pointer
2929         https://bugs.webkit.org/show_bug.cgi?id=77403
2930
2931         Reviewed by Filip Pizlo.
2932         
2933         JavaScriptCore is too fast. I'm just the man to fix it.
2934
2935         * Configurations/JavaScriptCore.xcconfig:
2936
2937 2012-01-31  Michael Saboff  <msaboff@apple.com>
2938
2939         StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
2940         https://bugs.webkit.org/show_bug.cgi?id=76647
2941
2942         Reviewed by Darin Adler.
2943
        Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manner similar
        to stringProtoFuncToLowerCase().  Fixed StringImpl::upper() to handle two special
        cases.  One case is s-sharp (0xdf) which converts to "SS".  The other case is 
        for characters which become 16 bit values when converted to upper case.  For
        those, we up-convert the source string and use the 16 bit path.
2949
2950         * runtime/StringPrototype.cpp:
2951         (JSC::stringProtoFuncToUpperCase):
2952         * wtf/text/StringImpl.cpp:
2953         (WTF::StringImpl::upper):
2954         * wtf/unicode/CharacterNames.h:
2955         (smallLetterSharpS): New constant
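
        Added example (not WebKit code and not part of this ChangeLog): the
        two special cases above mean an upper() routine for an 8-bit (Latin-1)
        string can neither assume the result has the same length nor that it
        still fits in 8-bit characters. The code below uses the engine's own
        String.prototype.toUpperCase as the reference mapping and scans the
        whole Latin-1 range to find exactly which code points need the slow
        path; the sample strings are constructed for the example.

```javascript
// Added example, not WebKit code. Shows why an 8-bit in-place uppercase
// fast path is unsafe for two classes of Latin-1 characters: those whose
// uppercase form is longer (so a same-size output buffer is too small) and
// those whose uppercase form is a 16-bit character (so an 8-bit buffer
// cannot hold it). Uses String.prototype.toUpperCase as the reference.

// True when every code unit of s fits in one byte (Latin-1).
function isLatin1(s) {
  for (let i = 0; i < s.length; i++) {
    if (s.charCodeAt(i) > 0xff) return false;
  }
  return true;
}

// Describes how uppercasing transforms one string.
function describeUpperCase(input) {
  const upper = input.toUpperCase();
  return {
    upper,
    grew: upper.length > input.length,            // e.g. "ß" -> "SS"
    widened: isLatin1(input) && !isLatin1(upper), // e.g. "ÿ" -> U+0178
  };
}

// Scans every Latin-1 code point and reports the ones a fast 8-bit path
// cannot handle in place: those whose uppercase form is longer, and those
// whose uppercase form needs a 16-bit character. Returns code point lists.
function latin1UpperSpecialCases() {
  const grows = [];
  const widens = [];
  for (let cp = 0; cp <= 0xff; cp++) {
    const d = describeUpperCase(String.fromCharCode(cp));
    if (d.grew) grows.push(cp);
    if (d.widened) widens.push(cp);
  }
  return { grows, widens };
}

// Sizing rule a correct 8-bit implementation must follow: fall back to the
// general (16-bit, length-changing) path if any special case is present.
function needsSlowUpperPath(input) {
  const d = describeUpperCase(input);
  return d.grew || d.widened;
}
```

        On a conforming engine the scan reports one lengthening code point
        (0xDF, sharp s) and two that widen to 16-bit characters (0xB5, the
        micro sign, and 0xFF, y with diaeresis), which is the set the slow
        path has to cover.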
2956
2957 2012-01-31  Oliver Hunt  <oliver@apple.com>
2958
2959         Remove unneeded sourceId property
2960         https://bugs.webkit.org/show_bug.cgi?id=77495
2961
2962         Reviewed by Filip Pizlo.
2963
2964         sourceId isn't used anymore, so we'll just remove it.
2965
2966         * runtime/Error.cpp:
2967         (JSC):
2968         (JSC::addErrorInfo):
2969         (JSC::hasErrorInfo):
2970
2971 2012-01-31  Oliver Hunt  <oliver@apple.com>
2972
2973         Implement Error.stack
2974         https://bugs.webkit.org/show_bug.cgi?id=66994
2975
2976         Reviewed by Gavin Barraclough.
2977
2978         Original patch by Juan Carlos Montemayor Elosua:
2979             This patch utilizes topCallFrame to create a stack trace when
2980             an error is thrown. Users will also be able to use the stack()
2981             command in jsc to get arrays with stack trace information.
2982
2983         Modified to be correct on ToT, with a variety of correctness,
2984         performance, and security improvements.
2985
2986         * JavaScriptCore.exp:
2987         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2988         * interpreter/Interpreter.cpp:
2989         (JSC::getCallerLine):
2990         (JSC::getSourceURLFromCallFrame):
2991         (JSC::getStackFrameCodeType):
2992         (JSC::Interpreter::getStackTrace):
2993         (JSC::Interpreter::throwException):
2994         * interpreter/Interpreter.h:
2995         (JSC::StackFrame::toString):
2996         * jsc.cpp:
2997         (GlobalObject::finishCreation):
2998         (functionJSCStack):
2999         * parser/Parser.h:
3000         (JSC::Parser::parse):
3001         * runtime/CommonIdentifiers.h:
3002         * runtime/Error.cpp:
3003         (JSC::addErrorInfo):
3004         * runtime/Error.h:
3005
3006 2012-01-31  Scott Graham  <scottmg@chromium.org>
3007
3008         [Chromium] Remove references to gyp cygwin build target
3009         https://bugs.webkit.org/show_bug.cgi?id=77253
3010
3011         Reviewed by Julien Chaffraix.
3012
3013         Target dependency is no longer required; it's done earlier in the
3014         build process.
3015
3016         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3017
3018 2012-01-31  Michael Saboff  <msaboff@apple.com>
3019
3020         ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor
3021         https://bugs.webkit.org/show_bug.cgi?id=77443
3022
3023         Reviewed by Gavin Barraclough.
3024
3025         Removed failing ASSERT() and thus destructor.  The ASSERT isn't needed.
3026         We are hitting it in the YARR JIT case where we bail out and go to the
3027         interpreter with a partially JIT'ed function.  Since we haven't linked
3028         the JIT'ed code, there are likely to be some unresolved jumps in the vector
3029         when the ARMv7Assembler destructor is called.  For the case where we
3030         complete the JIT process, we clear the vector at the end of
3031         LinkBuffer::linkCode (LinkBuffer.h:292).
3032
3033         * assembler/ARMv7Assembler.h:
3034         (ARMv7Assembler):
3035
3036 2012-01-31  Anders Carlsson  <andersca@apple.com>
3037
3038         Vector<T>::operator== shouldn't require T to have operator!=
3039         https://bugs.webkit.org/show_bug.cgi?id=77448
3040
3041         Reviewed by Andreas Kling.
3042
3043         Change VectorComparer::compare to use !(a == b) instead of a != b since
3044         it makes more sense for Vector::operator== to use the element's operator==.
3045
3046         * wtf/Vector.h:
3047
3048 2012-01-30  Oliver Hunt  <oliver@apple.com>
3049
3050         get_by_val_arguments is broken in the interpreter
3051         https://bugs.webkit.org/show_bug.cgi?id=77389
3052
3053         Reviewed by Gavin Barraclough.
3054
3055         When get_by_val had a value profile added, the same slot was not added to
3056         get_by_val_arguments.  This broke the interpreter as the interpreter falls
3057         back on its regular get_by_val implementation.
3058
3059         No tests are added as the interpreter is fairly broken in its
3060         current state (multiple tests fail due to this bug).
3061
3062         * bytecode/CodeBlock.cpp:
3063         (JSC::CodeBlock::dump):
3064         * bytecode/Opcode.h:
3065         (JSC):
3066         ():
3067         * bytecompiler/BytecodeGenerator.cpp:
3068         (JSC::BytecodeGenerator::emitGetArgumentByVal):
3069
3070 2012-01-30  Oliver Hunt  <oliver@apple.com>
3071
3072         Unexpected syntax error
3073         https://bugs.webkit.org/show_bug.cgi?id=77340
3074
3075         Reviewed by Gavin Barraclough.
3076
3077         Function calls and new expressions have the same semantics for
3078         assignment, so should simply share their lhs handling.
3079
3080         * parser/Parser.cpp:
3081         (JSC::::parseMemberExpression):
3082
3083 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
3084
3085         Unreviewed ARMv7 build fix.
3086
3087         * tools/CodeProfiling.cpp:
3088         (JSC):
3089         (JSC::setProfileTimer):
3090         (JSC::CodeProfiling::begin):
3091         (JSC::CodeProfiling::end):
3092
3093 2012-01-30  David Levin  <levin@chromium.org>
3094
3095         Using OS(WIN) or OS(MAC) should cause a build error.
3096         https://bugs.webkit.org/show_bug.cgi?id=77162
3097
3098         Reviewed by Darin Adler.
3099
3100         * wtf/Platform.h: Expand them into something that will
3101         cause a compile error.
3102
3103 2012-01-30  Yong Li  <yoli@rim.com>
3104
3105         [BlackBerry] OS(QNX) also has TM_GMTOFF, TM_ZONE, and TIMEGM
3106         https://bugs.webkit.org/show_bug.cgi?id=77360
3107
3108         Reviewed by Rob Buis.
3109
3110         Turn on HAVE(TM_GMTOFF), HAVE(TM_ZONE), and HAVE(TIMEGM)
3111         for OS(QNX).
3112
3113         * wtf/Platform.h:
3114
3115 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
3116
3117         Speculative Windows build fix.
3118
3119         * assembler/MacroAssemblerCodeRef.h:
3120         (FunctionPtr):
3121
3122 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
3123
3124         https://bugs.webkit.org/show_bug.cgi?id=77163
3125         MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS)
3126
3127         Rubber stamped by Geoff Garen
3128
3129         * assembler/MacroAssemblerCodeRef.h:
3130
3131 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
3132
3133         Unreviewed build fix for interpreter builds.
3134
3135         * bytecode/CodeBlock.cpp:
3136         (JSC::CodeBlock::CodeBlock):
3137         * bytecode/CodeBlock.h:
3138         (CodeBlock):
3139         * interpreter/Interpreter.cpp:
3140         (JSC::Interpreter::privateExecute):
3141         * tools/CodeProfile.cpp:
3142         (JSC::CodeProfile::sample):
3143
3144 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
3145
3146         Unreviewed build fix following bug#76855
3147
3148         * JavaScriptCore.exp:
3149
3150 2012-01-30  Michael Saboff  <msaboff@apple.com>
3151
3152         CaseFoldingHash::hash() doesn't handle 8 bit strings directly
3153         https://bugs.webkit.org/show_bug.cgi?id=76652
3154
3155         Reviewed by Andreas Kling.
3156
3157         * wtf/text/StringHash.h:
3158         (WTF::CaseFoldingHash::hash): Added 8 bit string code path.
3159
3160 2012-01-30  Michael Saboff  <msaboff@apple.com>
3161
3162         stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement
3163         https://bugs.webkit.org/show_bug.cgi?id=76651
3164
3165         Reviewed by Geoffrey Garen.
3166
3167         Made local function substituteBackreferencesSlow a template function
3168         based on character width.  Cleaned up getCharacters() in both UString
3169         and StringImpl.  Changed getCharacters<UChar> to up convert an 8 bit
3170         string to 16 bits if necessary.
3171
3172         * runtime/StringPrototype.cpp:
3173         (JSC::substituteBackreferencesSlow):
3174         (JSC::substituteBackreferences):
3175         * runtime/UString.h:
3176         (JSC::LChar):
3177         (JSC::UChar):
3178         * wtf/text/StringImpl.h:
3179         (WTF::UChar):
3180
3181 2012-01-30  Gavin Barraclough  <barraclough@apple.com>
3182
3183         Clean up putDirect
3184         https://bugs.webkit.org/show_bug.cgi?id=76232
3185
3186         Reviewed by Sam Weinig.
3187
3188         Part 3 - merge op_put_getter & op_put_setter.
3189
3190         Putting these separately is inefficient (and makes future optimization,
3191         e.g. making GetterSetter immutable) harder. Change to emit a single
3192         op_put_getter_setter bytecode op. Ultimately we should probably be
3193         able to merge this with put direct, to create a common op to initialize
3194         object literal properties.
3195
3196         * bytecode/CodeBlock.cpp:
3197         (JSC::CodeBlock::dump):
3198         * bytecode/Opcode.h:
3199         (JSC):
3200         ():
3201         * bytecompiler/BytecodeGenerator.cpp:
3202         (JSC::BytecodeGenerator::emitPutGetterSetter):
3203         * bytecompiler/BytecodeGenerator.h:
3204         (BytecodeGenerator):
3205         * bytecompiler/NodesCodegen.cpp:
3206         (JSC::PropertyListNode::emitBytecode):
3207         * interpreter/Interpreter.cpp:
3208         (JSC::Interpreter::privateExecute):
3209         * jit/JIT.cpp:
3210         (JSC::JIT::privateCompileMainPass):
3211         * jit/JIT.h:
3212         (JIT):
3213         * jit/JITPropertyAccess.cpp:
3214         (JSC::JIT::emit_op_put_getter_setter):
3215         * jit/JITPropertyAccess32_64.cpp:
3216         (JSC::JIT::emit_op_put_getter_setter):
3217         * jit/JITStubs.cpp:
3218         (JSC::DEFINE_STUB_FUNCTION):
3219         * jit/JITStubs.h:
3220         ():
3221         * runtime/JSObject.cpp:
3222         (JSC::JSObject::putDirectVirtual):
3223         (JSC::JSObject::putDirectAccessor):
3224         (JSC):
3225         (JSC::putDescriptor):
3226         (JSC::JSObject::defineOwnProperty):
3227         * runtime/JSObject.h:
3228         ():
3229         (JSC::JSObject::putDirectInternal):
3230         (JSC::JSObject::putDirect):
3231         (JSC::JSObject::putDirectWithoutTransition):
3232
3233 2012-01-30  Michael Saboff  <msaboff@apple.com>
3234
3235         Dromaeo tests call parseSimpleLengthValue() on 8 bit strings
3236         https://bugs.webkit.org/show_bug.cgi?id=76649
3237
3238         Reviewed by Geoffrey Garen.
3239
3240         * JavaScriptCore.exp: Added export for charactersToDouble.
3241
3242 2012-01-30  Michael Saboff  <msaboff@apple.com>
3243
3244         WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding.
3245         https://bugs.webkit.org/show_bug.cgi?id=76648
3246
3247         Reviewed by Geoffrey Garen.
3248
3249         Added a new overloaded append member that takes a String& argument, an offset
3250         and a length to do direct sub string appending to a StringBuilder.
3251
3252         * wtf/text/StringBuilder.h:
3253         (WTF::StringBuilder::append):
3254
3255 2012-01-29  Zoltan Herczeg  <zherczeg@webkit.org>
3256
3257         Custom written CSS lexer
3258         https://bugs.webkit.org/show_bug.cgi?id=70107
3259
3260         Reviewed by Antti Koivisto and Oliver Hunt.
3261
3262         Add new helper functions for the custom written CSS lexer.
3263
3264         * wtf/ASCIICType.h:
3265         (WTF::toASCIILowerUnchecked):
3266         (WTF):
3267         (WTF::isASCIIAlphaCaselessEqual):
3268
3269 2012-01-29  Filip Pizlo  <fpizlo@apple.com>
3270
3271         REGRESSION (r105576-r105582): Web Inspector Crash in JSC::JSValue::toString(JSC::ExecState*) const
3272         https://bugs.webkit.org/show_bug.cgi?id=77146
3273         <rdar://problem/10770586>
3274
3275         Reviewed by Oliver Hunt.
3276         
3277         The old JIT expects that the result of the last operation is in the lastResultRegister.  The DFG JIT is
3278         designed to correctly track the lastResultRegister by looking at SetLocal nodes.  However, when the DFG
3279         JIT inlines a code block, it forgets that the inlined code block's result would have been placed in the
3280         lastResultRegister.  Hence if we OSR exit on the first node following the end of an inlined code block
3281         that had a return value, and that first node uses the return value, the old JIT will get massively
3282         confused.  This patch takes a surgical approach: instead of making the DFG smarter, it makes the old
3283         JIT slightly dumber.
3284
3285         * jit/JITCall.cpp:
3286         (JSC::JIT::emit_op_call_put_result):
3287
3288 2012-01-29  Filip Pizlo  <fpizlo@apple.com>
3289
3290         Build fix for Mac non-x64 platforms.
3291
3292         * tools/CodeProfiling.cpp:
3293         (JSC):
3294
3295 2012-01-28  Gavin Barraclough  <barraclough@apple.com>
3296
3297         Reserve 'let'
3298         https://bugs.webkit.org/show_bug.cgi?id=77293
3299
3300         Rubber stamped by Oliver Hunt.
3301
3302         'let' may become a keyword in ES6.  We're going to try experimentally reserving it,
3303         to see if this breaks the web.
3304
3305         * parser/Keywords.table:
3306
3307 2012-01-27  Gavin Barraclough  <barraclough@apple.com>
3308
3309         Implement a JIT-code aware sampling profiler for JSC
3310         https://bugs.webkit.org/show_bug.cgi?id=76855
3311
3312         Reviewed by Oliver Hunt.
3313
3314         To enable the profiler, set the JSC_CODE_PROFILING environment variable to
3315         1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively
3316         trace all samples).
3317
3318         The profiler requires -fomit-frame-pointer to be removed from the build flags.
3319
3320         * JavaScriptCore.exp:
3321             - Removed an export.
3322         * JavaScriptCore.xcodeproj/project.pbxproj:
3323             - Added new files
3324         * bytecode/CodeBlock.cpp:
3325             - For baseline codeblocks, cache the result of canCompileWithDFG.
3326         * bytecode/CodeBlock.h:
3327             - For baseline codeblocks, cache the result of canCompileWithDFG.
3328         * jit/ExecutableAllocator.cpp:
3329         (JSC::ExecutableAllocator::initializeAllocator):
3330             - Notify the profiler when the allocator is created.
3331         (JSC::ExecutableAllocator::allocate):
3332             - Inform the allocated of the ownerUID.
3333         * jit/ExecutableAllocatorFixedVMPool.cpp:
3334         (JSC::ExecutableAllocator::initializeAllocator):
3335             - Notify the profiler when the allocator is created.
3336         (JSC::ExecutableAllocator::allocate):
3337             - Inform the allocated of the ownerUID.
3338         * jit/JITStubs.cpp:
3339             - If profiling, don't mask the return address in JIT code.
3340               (We do so to provide nicer backtraces in debug builds).
3341         * runtime/Completion.cpp:
3342         (JSC::evaluate):
3343             - Notify the profiler of script evaluations.
3344         * tools: Added.
3345         * tools/CodeProfile.cpp: Added.
3346         (JSC::symbolName):
3347             - Helper function to get the name of a symbol in the framework.
3348         (JSC::truncateTrace):
3349             - Helper to truncate traces into methods known to have uninformatively deep stacks.
3350         (JSC::CodeProfile::sample):
3351             - Record a stack trace classifying samples.
3352         (JSC::CodeProfile::report):
3353             - Print profiler output.
3354         * tools/CodeProfile.h: Added.
3355             - new class, captures a set of samples associated with an evaluated script,
3356               and nested to record samples from subscripts.
3357         * tools/CodeProfiling.cpp: Added.
3358         (JSC::CodeProfiling::profilingTimer):
3359             - callback fired when a timer event occurs.
3360         (JSC::CodeProfiling::notifyAllocator):
3361             - called when the executable allocator is constructed.
3362         (JSC::CodeProfiling::getOwnerUIDForPC):
3363             - helper to lookup the codeblock from an address in JIT code
3364         (JSC::CodeProfiling::begin):
3365             - enter a profiling scope.
3366         (JSC::CodeProfiling::end):
3367             - exit a profiling scope.
3368         * tools/CodeProfiling.h: Added.
3369             - new class, instantiated from Completion to define a profiling scope.
3370         * tools/ProfileTreeNode.h: Added.
3371             - new class, used to construct a tree of samples.
3372         * tools/TieredMMapArray.h: Added.
3373             - new class, a malloc-free vector (can be used while the main thread is suspended,
3374               possibly holding the malloc heap lock).
3375         * wtf/MetaAllocator.cpp:
3376         (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
3377         (WTF::MetaAllocator::allocate):
3378             - Allow allocation handles to track information about their owner.
3379         * wtf/MetaAllocator.h:
3380         (MetaAllocator):
3381             - Allow allocation handles to track information about their owner.
3382         * wtf/MetaAllocatorHandle.h:
3383         (MetaAllocatorHandle):
3384         (WTF::MetaAllocatorHandle::ownerUID):
3385             - Allow allocation handles to track information about their owner.
3386         * wtf/OSAllocator.h:
3387         (WTF::OSAllocator::reallocateCommitted):
3388             - reallocate an existing, committed memory allocation.
3389
3390 2012-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
3391
3392         Unreviewed, rolling out r106187.
3393         http://trac.webkit.org/changeset/106187
3394         https://bugs.webkit.org/show_bug.cgi?id=77276
3395
3396         The last rollout was a false charge. (Requested by morrita on
3397         #webkit).
3398
3399         * runtime/ExceptionHelpers.h:
3400         (InterruptedExecutionError):
3401         * runtime/JSBoundFunction.h:
3402         (JSBoundFunction):
3403         * runtime/RegExp.h:
3404         (RegExp):
3405         * runtime/RegExpMatchesArray.h:
3406         (RegExpMatchesArray):
3407
3408 2012-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
3409
3410         Unreviewed, rolling out r106151.
3411         http://trac.webkit.org/changeset/106151
3412         https://bugs.webkit.org/show_bug.cgi?id=77275
3413
3414         may break windows build (Requested by morrita on #webkit).
3415
3416         * runtime/ExceptionHelpers.h:
3417         (InterruptedExecutionError):
3418         * runtime/JSBoundFunction.h:
3419         (JSBoundFunction):
3420         * runtime/RegExp.h:
3421         (RegExp):
3422         * runtime/RegExpMatchesArray.h:
3423         (RegExpMatchesArray):
3424
3425 2012-01-28  Filip Pizlo  <fpizlo@apple.com>
3426
3427         GC invoked while doing an old JIT property storage reallocation may lead
3428         to an object that refers to a dead structure
3429         https://bugs.webkit.org/show_bug.cgi?id=77273
3430         <rdar://problem/10770565>
3431
3432         Reviewed by Gavin Barraclough.
3433         
3434         The put_by_id transition was already saving the old structure by virtue of
3435         having the object on the stack, so that wasn't going to get deleted. But the
3436         new structure was unprotected in the transition. I've now changed the
3437         transition code to save the new structure, ensuring that the GC will know it
3438         to be marked if invoked from within put_by_id_transition_realloc.
3439
3440         * jit/JITPropertyAccess.cpp:
3441         (JSC::JIT::privateCompilePutByIdTransition):
3442         * jit/JITPropertyAccess32_64.cpp:
3443         (JSC::JIT::privateCompilePutByIdTransition):
3444         * jit/JITStubs.cpp:
3445         (JSC::DEFINE_STUB_FUNCTION):
3446         * jit/JITStubs.h:
3447         (JSC):
3448         ():
3449
3450 2012-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>
3451
3452         Unreviewed, rolling out r106167.
3453         http://trac.webkit.org/changeset/106167
3454         https://bugs.webkit.org/show_bug.cgi?id=77264
3455
3456         broke LayoutTests/fast/js/string-capitalization.html
3457         (Requested by msaboff on #webkit).
3458
3459         * runtime/StringPrototype.cpp:
3460         (JSC::stringProtoFuncToLowerCase):
3461         (JSC::stringProtoFuncToUpperCase):
3462         * wtf/text/StringImpl.cpp:
3463         (WTF::StringImpl::upper):
3464
3465 2012-01-27  Filip Pizlo  <fpizlo@apple.com>
3466
3467         Build fix for interpreter platforms.
3468
3469         * interpreter/AbstractPC.cpp:
3470         (JSC::AbstractPC::AbstractPC):
3471
3472 2012-01-27  Michael Saboff  <msaboff@apple.com>
3473
3474         StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
3475         https://bugs.webkit.org/show_bug.cgi?id=76647
3476
3477         Reviewed by Geoffrey Garen.
3478
3479         Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manner similar
3480         to stringProtoFuncToLowerCase().  Fixed StringImpl::upper() to handle the two
3481         8 bit characters that when converted to upper case become 16 bit characters.
3482
3483         * runtime/StringPrototype.cpp:
3484         (JSC::stringProtoFuncToLowerCase): Removed extra trailing whitespace.
3485         (JSC::stringProtoFuncToUpperCase):
3486         * wtf/text/StringImpl.cpp:
3487         (WTF::StringImpl::upper):
3488
3489 2012-01-27  Hajime Morita  <morrita@google.com>
3490
3491         [JSC] ThunkGenerators.cpp should hide its asm-defined symbols
3492         https://bugs.webkit.org/show_bug.cgi?id=77244
3493
3494         Reviewed by Filip Pizlo.
3495
3496         * jit/ThunkGenerators.cpp: Added HIDE_SYMBOLS()
3497         * wtf/InlineASM.h: Moved some duplicated macros from ThunkGenerators.cpp
3498
3499 2012-01-27  Simon Hausmann  <simon.hausmann@nokia.com>
3500
3501         [JSC] Asm-originated symbols should be marked as hidden
3502         https://bugs.webkit.org/show_bug.cgi?id=77150
3503
3504         Reviewed by Filip Pizlo.
3505
3506         * dfg/DFGOperations.cpp: The HIDE_SYMBOLS macros were present in the CPU(ARM) preprocessor branches,
3507         but they were missing in the CPU(X86) and the CPU(X86_64) cases.
3508
3509 2012-01-27  MORITA Hajime  <morrita@google.com>
3510
3511         [JSC] Some JS_EXPORTDATA may not be necessary.
3512         https://bugs.webkit.org/show_bug.cgi?id=77145
3513
3514         Reviewed by Darin Adler.
3515
3516         Removed JS_EXPORTDATA attributes whose attributing symbols are
3517         not exported on Mac port.
3518         
3519         * runtime/ExceptionHelpers.h:
3520         (InterruptedExecutionError):
3521         * runtime/JSBoundFunction.h:
3522         (JSBoundFunction):
3523         * runtime/RegExp.h:
3524         (RegExp):
3525         * runtime/RegExpMatchesArray.h:
3526         (RegExpMatchesArray):
3527
3528 2012-01-27  MORITA Hajime  <morrita@google.com>
3529
3530         [WTF] WTFString.h has some extra JS_EXPORT_PRIVATEs
3531         https://bugs.webkit.org/show_bug.cgi?id=77113
3532
3533         Reviewed by Darin Adler.
3534
3535         * wtf/text/WTFString.h: Removed some WTF_EXPORT_PRIVATE attributes which we don't need to export.
3536
3537 2012-01-27  Zeno Albisser  <zeno@webkit.org>
3538
3539         [Qt][Mac] Build fails after adding ICU support (r105997).
3540         https://bugs.webkit.org/show_bug.cgi?id=77118
3541
3542         Use Apple code path for unicode date formats on mac.
3543
3544         Reviewed by Tor Arne Vestbø.
3545
3546         * runtime/DatePrototype.cpp:
3547         ():
3548
3549 2012-01-27  Carlos Garcia Campos  <cgarcia@igalia.com>
3550
3551         [GTK] Add a GKeyFile specialization to GOwnPtr
3552         https://bugs.webkit.org/show_bug.cgi?id=77191
3553
3554         Reviewed by Martin Robinson.
3555
3556         * wtf/gobject/GOwnPtr.cpp:
3557         (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile.
3558         * wtf/gobject/GOwnPtr.h: Add GKeyFile template.
3559         * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile.
3560
3561 2012-01-25  Yury Semikhatsky  <yurys@chromium.org>
3562
3563         Web Inspector: should be possible to open function declaration from script popover
3564         https://bugs.webkit.org/show_bug.cgi?id=76913
3565
3566         Added display function name and source location to the popover in scripts panel.
3567         Now when a function is hovered user can navigate to its definition.
3568
3569         Reviewed by Pavel Feldman.
3570
3571         * JavaScriptCore/JavaScriptCore.exp:
3572         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3573         * runtime/JSFunction.h:
3574         (JSFunction):
3575
3576 2012-01-26  Kevin Ollivier  <kevino@theolliviers.com>
3577
3578         [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior.
3579         
3580         * runtime/DatePrototype.cpp:
3581         ():
3582
3583 2012-01-26  Mark Hahnenberg  <mhahnenberg@apple.com>
3584
3585         Merge AllocationSpace into MarkedSpace
3586         https://bugs.webkit.org/show_bug.cgi?id=77116
3587
3588         Reviewed by Geoffrey Garen.
3589
3590         Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to 
3591         MarkedSpace allocation.
3592
3593         * CMakeLists.txt:
3594         * GNUmakefile.list.am:
3595         * JavaScriptCore.exp:
3596         * JavaScriptCore.gypi:
3597         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3598         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3599         * JavaScriptCore.xcodeproj/project.pbxproj:
3600         * Target.pri:
3601         * heap/AllocationSpace.cpp: Removed.
3602         * heap/AllocationSpace.h: Removed.
3603         * heap/BumpSpace.h:
3604         (BumpSpace):
3605         * heap/Heap.h:
3606         (JSC::Heap::objectSpace):
3607         (Heap):
3608         ():
3609         * heap/HeapBlock.h:
3610         ():
3611         * heap/MarkedSpace.cpp:
3612         (JSC::MarkedSpace::tryAllocateHelper):
3613         (JSC):
3614         (JSC::MarkedSpace::tryAllocate):
3615         (JSC::MarkedSpace::allocateSlowCase):
3616         (JSC::MarkedSpace::allocateBlock):
3617         (JSC::MarkedSpace::freeBlocks):
3618         (TakeIfUnmarked):
3619         (JSC::TakeIfUnmarked::TakeIfUnmarked):
3620         (JSC::TakeIfUnmarked::operator()):
3621         (JSC::TakeIfUnmarked::returnValue):
3622         (JSC::MarkedSpace::shrink):
3623         (GatherDirtyCells):
3624         (JSC::GatherDirtyCells::returnValue):
3625         (JSC::GatherDirtyCells::GatherDirtyCells):
3626         (JSC::GatherDirtyCells::operator()):
3627         (JSC::MarkedSpace::gatherDirtyCells):
3628         * heap/MarkedSpace.h:
3629         (MarkedSpace):
3630         (JSC::MarkedSpace::blocks):
3631         (JSC::MarkedSpace::forEachCell):
3632         (JSC):
3633         (JSC::MarkedSpace::allocate):
3634
3635 2012-01-26  Oliver Hunt  <oliver@apple.com>
3636
3637         MSVC bug fix.
3638         <rdar://problem/10703671> MSVC generates bad code for enum compare.
3639
3640         RS=Geoff
3641
3642         Make bitfield large enough to work around MSVC's desire to make enums
3643         signed types.
3644
3645         * bytecode/CallLinkInfo.h:
3646         (CallLinkInfo):
3647
3648 2012-01-26  Filip Pizlo  <fpizlo@apple.com>
3649
3650         All DFG helpers that may call out to arbitrary JS code must know where they
3651         were called from due to inlining and call stack walking
3652         https://bugs.webkit.org/show_bug.cgi?id=77070
3653         <rdar://problem/10750834>
3654
3655         Reviewed by Geoff Garen.
3656         
3657         Changed the DFG to always record a code origin index in the tag of the argument
3658         count (which we previously left blank for the benefit of LLInt, but is still
3659         otherwise unused by the DFG), so that if we ever need to walk the stack accurately
3660         we know where to start. In particular, if the current ExecState* points several
3661         semantic call frames away from the true semantic call frame because we had
3662         performed inlining, having the code origin index recorded means that we can reify
3663         those call frames as necessary to give runtime/library code an accurate view of
3664         the current JS state.
3665         
3666         This required several large but mechanical changes:
3667         
3668         - Calling a function from the DFG now plants a store32 instruction to store the
3669           code origin index. But the indices of code origins were previously picked by
3670           the DFG::JITCompiler after code generation completed. I changed this somewhat;
3671           even though the code origins are put into the CodeBlock after code gen, the
3672           code gen now knows a priori what their indices will be. Extensive assertions
3673           are in place to ensure that the two don't get out of sync, in the form of the
3674           DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls;
3675           those don't need the code origin index set in the call frame because we can get
3676           it by doing a binary search on the return PC.
3677
3678         - Stack walking now always calls trueCallFrame() first before beginning the walk,
3679           since even the top call frame may be wrong. It still calls trueCallerFrame() as
3680           before to get to the next frame, though trueCallerFrame() is now mostly a
3681           wrapper around callerFrame()->trueCallFrame().
3682           
3683         - Because the mechanism for getting the code origin of a call frame is bimodal
3684           (either the call frame knows its code origin because the code origin index was
3685           set, or it's necessary to use the callee frame's return PC), I put in extra
3686           mechanisms to determine whether your caller, or your callee, corresponds to
3687           a call out of C++ code. Previously we just had the host call flag, but this is
3688           insufficient as it does not cover the case of someone calling JSC::call(). But
3689           luckily we can determine this just by looking at the return PC: if the return
3690           PC is in range of the ctiTrampoline, then two things are true: this call
3691           frame's PC will tell you nothing about where you came from in your caller, and
3692           the caller already knows where it's at because it must have set the code origin
3693           index (unless it's not DFG code, in which case we don't care because there is
3694           no inlining to worry about).
3695           
3696         - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's
3697           inlining code, so I fixed it.
3698
3699         - Finally because I was tired of doing random #if's for checking if I should be
3700           passing around an Instruction* or a ReturnAddressPtr, I created a class called
3701           AbstractPC that holds whatever notion of a PC is appropriate for the current
3702           execution environment. It's designed to work gracefully even if both the
3703           interpreter and the JIT are compiled in, and should integrate nicely with the
3704           LLInt.
3705           
3706         This is neutral on all benchmarks and fixes some nasty corner-case regressions of
3707         evil code that uses combinations of getters/setters and function.arguments.
3708
3709         * CMakeLists.txt:
3710         * GNUmakefile.list.am:
3711         * JavaScriptCore.exp:
3712         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3713         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3714         * JavaScriptCore.xcodeproj/project.pbxproj:
3715         * Target.pri:
3716         * bytecode/CodeBlock.h:
3717         (JSC::CodeBlock::codeOrigin):
3718         (CodeBlock):
3719         * dfg/DFGByteCodeParser.cpp:
3720         (JSC::DFG::ByteCodeParser::handleInlining):
3721         * dfg/DFGJITCompiler.cpp:
3722         (JSC::DFG::JITCompiler::link):
3723         * dfg/DFGJITCompiler.h:
3724         (CallBeginToken):
3725         (JSC::DFG::CallBeginToken::CallBeginToken):
3726         (JSC::DFG::CallBeginToken::assertCodeOriginIndex):
3727         (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex):
3728         (DFG):
3729         (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
3730         (CallExceptionRecord):
3731         (JSC::DFG::JITCompiler::JITCompiler):
3732         (JITCompiler):
3733         (JSC::DFG::JITCompiler::nextCallBeginToken):
3734         (JSC::DFG::JITCompiler::beginCall):
3735         (JSC::DFG::JITCompiler::notifyCall):
3736         (JSC::DFG::JITCompiler::addExceptionCheck):
3737         (JSC::DFG::JITCompiler::addFastExceptionCheck):
3738         * dfg/DFGOperations.cpp:
3739         ():
3740         * dfg/DFGRepatch.cpp:
3741         (JSC::DFG::tryBuildGetByIDList):
3742         * dfg/DFGSpeculativeJIT.h:
3743         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
3744         * dfg/DFGSpeculativeJIT32_64.cpp:
3745         (JSC::DFG::SpeculativeJIT::emitCall):
3746         * dfg/DFGSpeculativeJIT64.cpp:
3747         (JSC::DFG::SpeculativeJIT::emitCall):
3748         * interpreter/AbstractPC.cpp: Added.
3749         (JSC):
3750         (JSC::AbstractPC::AbstractPC):
3751         * interpreter/AbstractPC.h: Added.
3752         (JSC):
3753         (AbstractPC):
3754         (JSC::AbstractPC::AbstractPC):
3755         (JSC::AbstractPC::hasJITReturnAddress):
3756         (JSC::AbstractPC::jitReturnAddress):
3757         (JSC::AbstractPC::hasInterpreterReturnAddress):
3758         (JSC::AbstractPC::interpreterReturnAddress):
3759         (JSC::AbstractPC::isSet):
3760         (JSC::AbstractPC::operator!):
3761         ():
3762         * interpreter/CallFrame.cpp:
3763         (JSC):
3764         (JSC::CallFrame::trueCallFrame):
3765         (JSC::CallFrame::trueCallerFrame):
3766         * interpreter/CallFrame.h:
3767         (JSC::ExecState::abstractReturnPC):
3768         (JSC::ExecState::codeOriginIndexForDFGWithInlining):
3769         (ExecState):
3770         (JSC::ExecState::trueCallFrame):
3771         (JSC::ExecState::trueCallFrameFromVMCode):
3772         * interpreter/Interpreter.cpp:
3773         (JSC::Interpreter::retrieveArgumentsFromVMCode):
3774         (JSC::Interpreter::retrieveCallerFromVMCode):
3775         (JSC::Interpreter::findFunctionCallFrameFromVMCode):
3776         * interpreter/Interpreter.h:
3777         (Interpreter):
3778         ():
3779         * jit/JITStubs.cpp:
3780         (JSC):
3781         ():
3782         * jit/JITStubs.h:
3783         (JSC):
3784         (JSC::returnAddressIsInCtiTrampoline):
3785         * runtime/JSFunction.cpp:
3786         (JSC::JSFunction::argumentsGetter):
3787         (JSC::JSFunction::callerGetter):
3788         (JSC::JSFunction::getOwnPropertyDescriptor):
3789
3790 2012-01-26  Peter Varga  <pvarga@webkit.org>
3791
3792         Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG
3793         https://bugs.webkit.org/show_bug.cgi?id=77104
3794
3795         Reviewed by Filip Pizlo.
3796
3797         * dfg/DFGOperations.cpp:
3798         ():
3799
3800 2012-01-26  Michael Saboff  <msaboff@apple.com>
3801
3802         String::latin1() should take advantage of 8 bit strings
3803         https://bugs.webkit.org/show_bug.cgi?id=76646
3804
3805         Reviewed by Geoffrey Garen.
3806
3807         * wtf/text/WTFString.cpp:
3808         (WTF::String::latin1): For 8 bit strings, use existing buffer
3809         without conversion.
3810
3811 2012-01-26  Michael Saboff  <msaboff@apple.com>
3812
3813         Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions
3814         https://bugs.webkit.org/show_bug.cgi?id=76645
3815
3816         Reviewed by Geoffrey Garen.
3817
3818         * wtf/text/StringImpl.cpp:
3819         (WTF::equalIgnoringCase): New LChar version.
3820         (WTF::findInner): New helper function.
3821         (WTF::StringImpl::find): Added 8 bit path.
3822         (WTF::reverseFindInner): New helper function.
3823         (WTF::StringImpl::reverseFind): Added 8 bit path.
3824         (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path.
3825         * wtf/text/StringImpl.h:
3826         (WTF):
3827
3828 2012-01-26  Csaba Osztrogonác  <ossy@webkit.org>
3829
3830         [Qt][Win] One more speculative buildfix after r105970.
3831
3832         * JavaScriptCore.pri:
3833
3834 2012-01-26  Csaba Osztrogonác  <ossy@webkit.org>
3835
3836         [Qt][Win] Speculative buildfix after r105970.
3837
3838         * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC().
3839
3840 2012-01-26  Sheriff Bot  <webkit.review.bot@gmail.com>
3841
3842         Unreviewed, rolling out r105982.
3843         http://trac.webkit.org/changeset/105982
3844         https://bugs.webkit.org/show_bug.cgi?id=77090
3845
3846         breaks the world (Requested by WildFox on #webkit).
3847
3848         * wtf/MainThread.cpp:
3849         (WTF):
3850         * wtf/Platform.h:
3851         * wtf/mac/MainThreadMac.mm:
3852         (WTF):
3853         (WTF::registerGCThread):
3854         (WTF::isMainThreadOrGCThread):
3855
3856 2012-01-26  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
3857
3858         [Qt] GC should be parallel on Qt platform
3859         https://bugs.webkit.org/show_bug.cgi?id=73309
3860
3861         Reviewed by Zoltan Herczeg.
3862
3863         These changes made the parallel GC feature available for the Qt port.
3864         The implementation of "registerGCThread" and "isMainThreadOrGCThread"
3865         is moved from MainThreadMac.mm to the common MainThread.cpp to make
3866         them available for other platforms.
3867
3868         Measurement results:
3869         V8           speed-up:  1.071x as fast  [From: 746.1ms  To: 696.4ms ]
3870         WindScorpion speed-up:  1.082x as fast  [From: 3490.4ms To: 3226.7ms]
3871         V8 Splay     speed-up:  1.158x as fast  [From: 145.8ms  To: 125.9ms ]
3872
3873         Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4 cores.
3874
3875         * wtf/MainThread.cpp:
3876         (WTF):
3877         (WTF::registerGCThread):
3878         (WTF::isMainThreadOrGCThread):
3879         * wtf/Platform.h:
3880         * wtf/mac/MainThreadMac.mm:
3881
3882 2012-01-26  Andy Estes  <aestes@apple.com>
3883
3884         REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types
3885         https://bugs.webkit.org/show_bug.cgi?id=77073
3886
3887         Reviewed by Ryosuke Niwa.
3888         
3889         r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined.
3890         This should have been changed to OS(WINDOWS). This causes the
3891         preprocessor to strip out Win32 data type overrides for deleteOwnedPtr,
3892         causing allocations made by Win32 to be deleted by fastmalloc.
3893
3894         * wtf/OwnPtrCommon.h:
3895         (WTF): Use OS(WINDOWS) instead of OS(WIN).
3896
3897 2012-01-25  Mark Rowe  <mrowe@apple.com>
3898
3899         Attempted Mac build fix after r105939.
3900
3901         * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS.
3902         It isn't used on these platforms and isn't available in the ICU headers
3903         for Mac.
3904
3905 2012-01-25  Mark Rowe  <mrowe@apple.com>
3906
3907         Build into an alternate location when USE_STAGING_INSTALL_PATH is set.
3908
3909         <rdar://problem/10609417> Adopt USE_STAGING_INSTALL_PATH
3910
3911         Reviewed by David Kilzer.
3912
3913         * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains
3914         the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR
3915         to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
3916         * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on
3917         the normal framework location. This prevents an incorrect install name from being used when
3918         installing into the staged frameworks directory.
3919
3920 2012-01-25  Eli Fidler  <efidler@rim.com>
3921
3922         Implement Date.toLocaleString() using ICU
3923         https://bugs.webkit.org/show_bug.cgi?id=76714
3924
3925         Reviewed by Darin Adler.
3926
3927         * runtime/DatePrototype.cpp:
3928         (JSC::formatLocaleDate):
3929
3930 2012-01-25  Hajime Morita  <morrita@google.com>
3931
3932         ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom
3933         https://bugs.webkit.org/show_bug.cgi?id=76863
3934
3935         Reviewed by Dimitri Glazkov.
3936
3937         Added a feature flag.
3938
3939         * Configurations/FeatureDefines.xcconfig:
3940
3941 2012-01-25  Yong Li  <yoli@rim.com>
3942
3943         [BlackBerry] Implement OSAllocator::commit/decommit.
3944         BlackBerry port should support virtual memory decommitting.
3945         https://bugs.webkit.org/show_bug.cgi?id=77013
3946
3947         Reviewed by Rob Buis.
3948
3949         * wtf/OSAllocatorPosix.cpp:
3950         (WTF::OSAllocator::reserveUncommitted):
3951         (WTF::OSAllocator::commit):
3952         (WTF::OSAllocator::decommit):
3953         * wtf/Platform.h:
3954
3955 2012-01-24  Oliver Hunt  <oliver@apple.com>
3956
3957         Make DFG update topCallFrame
3958         https://bugs.webkit.org/show_bug.cgi?id=76969
3959
3960         Reviewed by Filip Pizlo.
3961
3962         Add NativeCallFrameTracer to manage topCallFrame assignment
3963         in the DFG operations, and make use of it.
3964
3965         * dfg/DFGOperations.cpp:
3966         (JSC::DFG::operationPutByValInternal):
3967         ():
3968         * interpreter/Interpreter.h:
3969         (JSC):
3970         (NativeCallFrameTracer):
3971         (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
3972
3973 2012-01-24  Filip Pizlo  <fpizlo@apple.com>
3974
3975         Inlining breaks call frame walking when the walking is done from outside the inlinee,
3976         but inside a code block that had inlining
3977         https://bugs.webkit.org/show_bug.cgi?id=76978
3978         <rdar://problem/10720904>
3979
3980         Reviewed by Oliver Hunt.
3981
3982         * bytecode/CodeBlock.h:
3983         (JSC::CodeBlock::codeOriginForReturn):
3984         * interpreter/CallFrame.cpp:
3985         (JSC::CallFrame::trueCallerFrame):
3986
3987 2012-01-24  Gavin Barraclough  <barraclough@apple.com>
3988
3989         https://bugs.webkit.org/show_bug.cgi?id=76855
3990         Implement a JIT-code aware sampling profiler for JSC
3991
3992         Reviewed by Oliver Hunt.
3993
3994         Add support to MetaAllocator.cpp to track all live handles in a map,
3995         allowing lookup based on any address within the allocation.
3996
3997         * wtf/MetaAllocator.cpp:
3998         (WTF::MetaAllocatorTracker::notify):
3999         (WTF::MetaAllocatorTracker::release):
4000             - Track live handle objects in a map.
4001         (WTF::MetaAllocator::release):
4002             - Removed support for handles with null m_allocator (no longer used).
4003             - Notify the tracker of handles being released.
4004         (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
4005             - Moved functionality out into MetaAllocator::release.
4006         (WTF::MetaAllocatorHandle::shrink):
4007             - Removed support for handles with null m_allocator (no longer used).
4008         (WTF::MetaAllocator::MetaAllocator):
4009             - Initialize m_tracker.
4010         (WTF::MetaAllocator::allocate):
4011             - Notify the tracker of new allocations.
4012         * wtf/MetaAllocator.h:
4013         (WTF::MetaAllocatorTracker::find):
4014             - Look up a MetaAllocatorHandle based on an address inside the allocation.
4015         (WTF::MetaAllocator::trackAllocations):
4016             - Register a callback object to track allocation state.
4017         * wtf/MetaAllocatorHandle.h:
4018             - Remove unused createSelfManagedHandle/constructor.
4019         (WTF::MetaAllocatorHandle::key):
4020             - Added, for use in RedBlackTree.
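
        The address-to-handle lookup described in the entry above, as an added
        illustration that is not WebKit's code: live allocations are kept in an
        ordered container keyed by start address, and an arbitrary address (for
        example a sampled program counter) is resolved by finding the last
        allocation that starts at or before it and checking that the address falls
        inside its range. Everything here is constructed for the example: the
        Allocation struct, the AllocationTracker class, and std::map standing in
        for WebKit's RedBlackTree.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <map>

// Constructed stand-in for an allocation handle: the half-open range [start, start + size).
struct Allocation {
    uintptr_t start;
    size_t size;
    uintptr_t end() const { return start + size; }
};

// Keeps every live allocation in an ordered map keyed by start address, so that an
// arbitrary address can be resolved to the allocation that contains it.
// std::map stands in for WebKit's RedBlackTree (hypothetical substitution).
class AllocationTracker {
public:
    // Called when an allocation is handed out.
    void notify(uintptr_t start, size_t size) { m_live[start] = Allocation{start, size}; }
    // Called when the allocation is released; lookups for its addresses then fail.
    void release(uintptr_t start) { m_live.erase(start); }

    // Returns the live allocation containing `address`, or nullptr if there is none.
    const Allocation* find(uintptr_t address) const {
        auto it = m_live.upper_bound(address); // first allocation starting after address
        if (it == m_live.begin())
            return nullptr;                    // every allocation starts after address
        --it;                                  // last allocation starting at or before address
        const Allocation& candidate = it->second;
        return address < candidate.end() ? &candidate : nullptr;
    }

    size_t liveCount() const { return m_live.size(); }

private:
    std::map<uintptr_t, Allocation> m_live;
};

// Builds a tracker holding two constructed, non-overlapping code regions.
inline AllocationTracker buildSampleTracker() {
    AllocationTracker tracker;
    tracker.notify(0x1000, 0x100); // [0x1000, 0x1100)
    tracker.notify(0x2000, 0x80);  // [0x2000, 0x2080)
    return tracker;
}

// Start address of the allocation containing `address`, or 0 when the address is
// not inside any live allocation.
inline uintptr_t startContaining(const AllocationTracker& tracker, uintptr_t address) {
    const Allocation* a = tracker.find(address);
    return a ? a->start : 0;
}

// Releasing a region makes its addresses unresolvable again.
inline uintptr_t startContainingAfterRelease(uintptr_t releasedStart, uintptr_t address) {
    AllocationTracker tracker = buildSampleTracker();
    tracker.release(releasedStart);
    return startContaining(tracker, address);
}

int main() {
    AllocationTracker tracker = buildSampleTracker();
    // Constructed sample addresses, including both boundaries of each region.
    const uintptr_t samples[] = { 0x0500, 0x1000, 0x1050, 0x10ff, 0x1100, 0x2000, 0x207f, 0x2080 };
    for (uintptr_t pc : samples)
        std::printf("0x%04lx -> 0x%04lx\n", (unsigned long)pc, (unsigned long)startContaining(tracker, pc));
    return 0;
}
```

        The boundary checks matter: an address equal to an allocation's end belongs
        to no allocation, and an address below the lowest start must not step the
        iterator before begin(). Releasing a handle removes it from the map, so a
        stale sample taken after release resolves to nothing rather than to freed
        memory.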
4021
4022 2012-01-24  Mark Hahnenberg  <mhahnenberg@apple.com>
4023
4024         Use copying collector for out-of-line JSObject property storage
4025         https://bugs.webkit.org/show_bug.cgi?id=76665
4026
4027         Reviewed by Geoffrey Garen.
4028
4029         * runtime/JSObject.cpp:
4030         (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
4031         Also added a temporary variable to avoid warnings from GCC.
4032         (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
4033         operator new. Also added a temporary variable to avoid warnings from GCC.
4034         * runtime/JSObject.h:
4035
4036 2012-01-24  Geoffrey Garen  <ggaren@apple.com>
4037
4038         JSValue::toString() should return a JSString* instead of a UString
4039         https://bugs.webkit.org/show_bug.cgi?id=76861
4040
4041         Fixed two failing layout tests after my last patch.