[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2012-02-18  Filip Pizlo  <fpizlo@apple.com>

        Attempt to fix Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-18  Sam Weinig  <sam@webkit.org>

        Fix the libc++ build.

        Reviewed by Anders Carlsson.

        * heap/Weak.h:
        Libc++'s nullptr emulation does not allow default construction
        of the nullptr_t type. Work around this with the arguably clearer
        just returning nullptr.

2012-02-18  Filip Pizlo  <fpizlo@apple.com>

        DFGPropagator.cpp has too many things
        https://bugs.webkit.org/show_bug.cgi?id=78956

        Reviewed by Oliver Hunt.
        
        Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its
        various things and put them into separate files. These new phases follow
        the naming convention "DFG<name>Phase" where <name> is a noun. They are
        called via functions of the form "perform<name>".

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added.
        (DFG):
        (JSC::DFG::performArithNodeFlagsInference):
        * dfg/DFGArithNodeFlagsInferencePhase.h: Added.
        (DFG):
        * dfg/DFGCFAPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performCFA):
        * dfg/DFGCFAPhase.h: Added.
        (DFG):
        * dfg/DFGCSEPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performCSE):
        * dfg/DFGCSEPhase.h: Added.
        (DFG):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGPhase.cpp: Added.
        (DFG):
        (JSC::DFG::Phase::beginPhase):
        (JSC::DFG::Phase::endPhase):
        * dfg/DFGPhase.h: Added.
        (DFG):
        (Phase):
        (JSC::DFG::Phase::Phase):
        (JSC::DFG::Phase::~Phase):
        (JSC::DFG::Phase::globalData):
        (JSC::DFG::Phase::codeBlock):
        (JSC::DFG::Phase::profiledBlock):
        (JSC::DFG::Phase::beginPhase):
        (JSC::DFG::Phase::endPhase):
        (JSC::DFG::runPhase):
        * dfg/DFGPredictionPropagationPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performPredictionPropagation):
        * dfg/DFGPredictionPropagationPhase.h: Added.
        (DFG):
        * dfg/DFGPropagator.cpp: Removed.
        * dfg/DFGPropagator.h: Removed.
        * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added.
        (DFG):
        (JSC::DFG::performVirtualRegisterAllocation):
        * dfg/DFGVirtualRegisterAllocationPhase.h: Added.
        (DFG):

2012-02-17  Filip Pizlo  <fpizlo@apple.com>

        DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and
        the CodeBlock that was used for profiling
        https://bugs.webkit.org/show_bug.cgi?id=78954

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.h:
        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
        (JSC):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::AbstractState):
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGAbstractState.h:
        * dfg/DFGAssemblyHelpers.h:
        (AssemblyHelpers):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::parse):
        * dfg/DFGByteCodeParser.h:
        (DFG):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::Graph):
        (Graph):
        (JSC::DFG::Graph::getJSConstantPrediction):
        (JSC::DFG::Graph::addShouldSpeculateInteger):
        (JSC::DFG::Graph::isInt32Constant):
        (JSC::DFG::Graph::isDoubleConstant):
        (JSC::DFG::Graph::isNumberConstant):
        (JSC::DFG::Graph::isBooleanConstant):
        (JSC::DFG::Graph::isFunctionConstant):
        (JSC::DFG::Graph::valueOfJSConstant):
        (JSC::DFG::Graph::valueOfInt32Constant):
        (JSC::DFG::Graph::valueOfNumberConstant):
        (JSC::DFG::Graph::valueOfBooleanConstant):
        (JSC::DFG::Graph::valueOfFunctionConstant):
        (JSC::DFG::Graph::baselineCodeBlockFor):
        (JSC::DFG::Graph::valueProfileFor):
        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JITCompiler):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::Propagator):
        (JSC::DFG::Propagator::isNotNegZero):
        (JSC::DFG::Propagator::isNotZero):
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
        (JSC::DFG::Propagator::globalCFA):
        (JSC::DFG::propagate):
        * dfg/DFGPropagator.h:
        (DFG):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        (JSC::DFG::SpeculativeJIT::compileAdd):
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isConstant):
        (JSC::DFG::SpeculativeJIT::isJSConstant):
        (JSC::DFG::SpeculativeJIT::isInt32Constant):
        (JSC::DFG::SpeculativeJIT::isDoubleConstant):
        (JSC::DFG::SpeculativeJIT::isNumberConstant):
        (JSC::DFG::SpeculativeJIT::isBooleanConstant):
        (JSC::DFG::SpeculativeJIT::isFunctionConstant):
        (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
        (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
        (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
        (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
        (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):

2012-02-17  Ahmad Sharif  <asharif.tools@gmail.com>

        There is a warning in memset in glibc that gets triggered through a
        warndecl when the fill-value of memset is a non-zero constant and the
        size is zero. This warning is enabled when building with
        -D_FORTIFY_SOURCE=2. This patch fixes the warning.

        https://bugs.webkit.org/show_bug.cgi?id=78513

        Reviewed by Alexey Proskuryakov

        * wtf/Vector.h:

2012-02-17  Kalev Lember  <kalevlember@gmail.com>

        Remove unused parameters from WTF threading API
        https://bugs.webkit.org/show_bug.cgi?id=78389

        Reviewed by Adam Roben.

        waitForThreadCompletion() had an out param 'void **result' to get the
        'void *' returned by ThreadFunction. However, the implementation in
        ThreadingWin.cpp ignored the out param, not filling it in. This had
        led to a situation where none of the client code made use of the param
        and just ignored it.

        To clean this up, the patch changes the signature of ThreadFunction to
        return void instead of void* and drops the the unused 'void **result'
        parameter from waitForThreadCompletion. Also, all client code is
        updated for the API change.

        As mentioned in https://bugs.webkit.org/show_bug.cgi?id=78389 , even
        though the change only affects internal API, Safari is using it
        directly and we'll need to keep the old versions around for ABI
        compatibility. For this, the patch adds compatibility wrappers with
        the old ABI.

        * JavaScriptCore.order:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingThread::threadStartFunc):
        (JSC::SamplingThread::stop):
        * bytecode/SamplingTool.h:
        (SamplingThread):
        * heap/Heap.cpp:
        (JSC::Heap::~Heap):
        (JSC::Heap::blockFreeingThreadStartFunc):
        * heap/Heap.h:
        * heap/MarkStack.cpp:
        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
        (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
        * heap/MarkStack.h:
        (MarkStackThreadSharedData):
        * wtf/ParallelJobsGeneric.cpp:
        (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
        * wtf/ParallelJobsGeneric.h:
        (ThreadPrivate):
        * wtf/ThreadFunctionInvocation.h: Update the signature of
        ThreadFunction.
        (WTF):
        * wtf/Threading.cpp:
        (WTF::threadEntryPoint): Update for ThreadFunction signature change.
        (WTF):
        (WTF::ThreadFunctionWithReturnValueInvocation::ThreadFunctionWithReturnValueInvocation):
        ABI compatibility function for Safari.
        (ThreadFunctionWithReturnValueInvocation): Ditto.
        (WTF::compatEntryPoint): Ditto.
        (WTF::createThread): Ditto.
        (WTF::waitForThreadCompletion): Ditto.
        * wtf/Threading.h: Update the signature of ThreadFunction and
        waitForThreadCompletion.
        (WTF):
        * wtf/ThreadingPthreads.cpp: Implement the new API.
        (WTF::wtfThreadEntryPoint):
        (WTF):
        (WTF::createThreadInternal):
        (WTF::waitForThreadCompletion):
        * wtf/ThreadingWin.cpp: Implement the new API.
        (WTF::wtfThreadEntryPoint):
        (WTF::waitForThreadCompletion):

2012-02-16  Oliver Hunt  <oliver@apple.com>

        Implement Error.stack
        https://bugs.webkit.org/show_bug.cgi?id=66994

        Reviewed by Gavin Barraclough.

        Implement support for stack traces on exception objects.  This is a rewrite
        of the core portion of the last stack walking logic, but the mechanical work
        of adding the information to an exception comes from the original work by
        Juan Carlos Montemayor Elosua.

        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):
        (JSC):
        (JSC::getSourceURLFromCallFrame):
        (JSC::getStackFrameCodeType):
        (JSC::Interpreter::getStackTrace):
        (JSC::Interpreter::throwException):
        (JSC::Interpreter::privateExecute):
        * interpreter/Interpreter.h:
        (JSC):
        (StackFrame):
        (JSC::StackFrame::toString):
        (Interpreter):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionJSCStack):
        * parser/Nodes.h:
        (JSC::FunctionBodyNode::setInferredName):
        * parser/Parser.h:
        (JSC::::parse):
        * runtime/CommonIdentifiers.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/Error.h:
        (JSC):

2012-02-17  Mark Hahnenberg  <mhahnenberg@apple.com>

        Rename Bump* to Copy*
        https://bugs.webkit.org/show_bug.cgi?id=78573

        Reviewed by Geoffrey Garen.

        Renamed anything with "Bump" in the name to have "Copied" instead.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * heap/BumpBlock.h: Removed.
        * heap/BumpSpace.cpp: Removed.
        * heap/BumpSpace.h: Removed.
        * heap/BumpSpaceInlineMethods.h: Removed.
        * heap/ConservativeRoots.cpp:
        (JSC::ConservativeRoots::ConservativeRoots):
        (JSC::ConservativeRoots::genericAddPointer):
        * heap/ConservativeRoots.h:
        (ConservativeRoots):
        * heap/CopiedBlock.h: Added.
        (JSC):
        (CopiedBlock):
        (JSC::CopiedBlock::CopiedBlock):
        * heap/CopiedSpace.cpp: Added.
        (JSC):
        (JSC::CopiedSpace::tryAllocateSlowCase):
        * heap/CopiedSpace.h: Added.
        (JSC):
        (CopiedSpace):
        (JSC::CopiedSpace::isInCopyPhase):
        (JSC::CopiedSpace::totalMemoryAllocated):
        (JSC::CopiedSpace::totalMemoryUtilized):
        * heap/CopiedSpaceInlineMethods.h: Added.
        (JSC):
        (JSC::CopiedSpace::CopiedSpace):
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::contains):
        (JSC::CopiedSpace::pin):
        (JSC::CopiedSpace::startedCopying):
        (JSC::CopiedSpace::doneCopying):
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::recycleBlock):
        (JSC::CopiedSpace::getFreshBlock):
        (JSC::CopiedSpace::borrowBlock):
        (JSC::CopiedSpace::addNewBlock):
        (JSC::CopiedSpace::allocateNewBlock):
        (JSC::CopiedSpace::fitsInBlock):
        (JSC::CopiedSpace::fitsInCurrentBlock):
        (JSC::CopiedSpace::tryAllocate):
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::allocateFromBlock):
        (JSC::CopiedSpace::tryReallocate):
        (JSC::CopiedSpace::tryReallocateOversize):
        (JSC::CopiedSpace::isOversize):
        (JSC::CopiedSpace::isPinned):
        (JSC::CopiedSpace::oversizeBlockFor):
        (JSC::CopiedSpace::blockFor):
        * heap/Heap.cpp:
        * heap/Heap.h:
        (JSC):
        (Heap):
        * heap/MarkStack.cpp:
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::startCopying):
        (JSC::SlotVisitor::allocateNewSpace):
        (JSC::SlotVisitor::doneCopying):
        * heap/MarkStack.h:
        (MarkStackThreadSharedData):
        * heap/SlotVisitor.h:
        (SlotVisitor):
        * runtime/JSArray.cpp:
        * runtime/JSObject.cpp:

2012-02-16  Yuqiang Xian  <yuqiang.xian@intel.com>

        Add JSC code profiling support on Linux x86
        https://bugs.webkit.org/show_bug.cgi?id=78871

        Reviewed by Gavin Barraclough.

        We don't unwind the stack for now as we cannot guarantee all the
        libraries are compiled without -fomit-frame-pointer.

        * tools/CodeProfile.cpp:
        (JSC::CodeProfile::sample):
        * tools/CodeProfiling.cpp:
        (JSC):
        (JSC::profilingTimer):
        (JSC::CodeProfiling::begin):
        (JSC::CodeProfiling::end):

2012-02-16  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed. Rolling out r107980, because it broke 32 bit platforms.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::throwException):
        (JSC::Interpreter::privateExecute):
        * interpreter/Interpreter.h:
        (JSC):
        (Interpreter):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        * parser/Nodes.h:
        (JSC::FunctionBodyNode::setInferredName):
        * parser/Parser.h:
        (JSC::::parse):
        * runtime/CommonIdentifiers.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/Error.h:
        (JSC):

2012-02-16  Filip Pizlo  <fpizlo@apple.com>

        ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER
        https://bugs.webkit.org/show_bug.cgi?id=78791

        Rubber stamped by Oliver Hunt.
        
        Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to
        COMPUTED_GOTO_CLASSIC_INTERPRETER.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        (JSC):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        * bytecode/Instruction.h:
        (JSC::Instruction::Instruction):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        * interpreter/AbstractPC.cpp:
        (JSC::AbstractPC::AbstractPC):
        * interpreter/AbstractPC.h:
        (AbstractPC):
        * interpreter/CallFrame.h:
        (ExecState):
        * interpreter/Interpreter.cpp:
        (JSC):
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::isOpcode):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveLastCaller):
        * interpreter/Interpreter.h:
        (JSC::Interpreter::getOpcode):
        (JSC::Interpreter::getOpcodeID):
        (Interpreter):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (NativeExecutable):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::getHostFunction):
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):
        * wtf/Platform.h:

2012-02-15  Geoffrey Garen  <ggaren@apple.com>

        Made Weak<T> single-owner, adding PassWeak<T>
        https://bugs.webkit.org/show_bug.cgi?id=78740

        Reviewed by Sam Weinig.

        This works basically the same way as OwnPtr<T> and PassOwnPtr<T>.

        This clarifies the semantics of finalizers: It's ambiguous and probably
        a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor
        twice), so I've made Weak<T> non-copyable. Anywhere we used to copy a 
        Weak<T>, we now use PassWeak<T>.

        This also makes Weak<T> HashMaps more efficient.

        * API/JSClassRef.cpp:
        (OpaqueJSClass::prototype): Use PassWeak<T> instead of set(), since 
        set() is gone now.

        * JavaScriptCore.xcodeproj/project.pbxproj: Export!

        * heap/PassWeak.h: Added.
        (JSC):
        (PassWeak):
        (JSC::PassWeak::PassWeak):
        (JSC::PassWeak::~PassWeak):
        (JSC::PassWeak::get):
        (JSC::::leakHandle):
        (JSC::adoptWeak):
        (JSC::operator==):
        (JSC::operator!=): This is the Weak<T> version of PassOwnPtr<T>.

        * heap/Weak.h:
        (Weak):
        (JSC::Weak::Weak):
        (JSC::Weak::release):
        (JSC::Weak::hashTableDeletedValue):
        (JSC::=):
        (JSC): Changed to be non-copyable, removing a lot of copying-related
        APIs. Added hash traits so hash maps still work.

        * jit/JITStubs.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::lookupOrCreate): Use PassWeak<T>, as required by
        our new hash map API.

2012-02-16  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix the broken viewport tests
        https://bugs.webkit.org/show_bug.cgi?id=78774

        Reviewed by Kenneth Rohde Christiansen.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/WTFString.cpp:
        (WTF):
        (WTF::toDoubleType): Template-ized to allow other functions to specify whether they
        want to allow trailing junk or not when calling strtod.
        (WTF::charactersToDouble):
        (WTF::charactersToFloat):
        (WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows 
        trailing junk.
        * wtf/text/WTFString.h:
        (WTF):

2012-02-16  Oliver Hunt  <oliver@apple.com>

        Implement Error.stack
        https://bugs.webkit.org/show_bug.cgi?id=66994

        Reviewed by Gavin Barraclough.

        Implement support for stack traces on exception objects.  This is a rewrite
        of the core portion of the last stack walking logic, but the mechanical work
        of adding the information to an exception comes from the original work by
        Juan Carlos Montemayor Elosua.

        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):
        (JSC):
        (JSC::getSourceURLFromCallFrame):
        (JSC::getStackFrameCodeType):
        (JSC::Interpreter::getStackTrace):
        (JSC::Interpreter::throwException):
        (JSC::Interpreter::privateExecute):
        * interpreter/Interpreter.h:
        (JSC):
        (StackFrame):
        (JSC::StackFrame::toString):
        (Interpreter):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionJSCStack):
        * parser/Nodes.h:
        (JSC::FunctionBodyNode::setInferredName):
        * parser/Parser.h:
        (JSC::::parse):
        * runtime/CommonIdentifiers.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/Error.h:
        (JSC):

2012-02-15  Gavin Barraclough  <barraclough@apple.com>

        Numerous trivial bugs in Object.defineProperty
        https://bugs.webkit.org/show_bug.cgi?id=78777

        Reviewed by Sam Weinig.

        There are a handful of really trivial bugs, related to Object.defineProperty:
            * Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
            * Calling an undefined setter should only throw in strict mode.
            * When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
            * Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
            * Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
            * If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
            * 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
            * Should be able to redefine an non-writable, non-configurable property, with the same value and attributes.
            * Should be able to define an non-configurable accessor.
        These are mostly all one-line changes, e.g. inverted boolean checks, masking against wrong attribute.

        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::put):
            - Added ASSERT.
            - Calling an undefined setter should only throw in strict mode.
        (JSC::JSArray::putDescriptor):
            - Should be able to define an non-configurable accessor.
        (JSC::JSArray::defineOwnNumericProperty):
            - Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
        (JSC::JSArray::putByIndexBeyondVectorLength):
            - If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
        * runtime/JSArray.h:
        (JSArray):
            - made enterDictionaryMode public, called from JSObject.
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
            - Calling an undefined setter should only throw in strict mode.
        (JSC::JSObject::preventExtensions):
            - Put array objects into dictionary mode to handle this!
        (JSC::JSObject::defineOwnProperty):
            - Should be able to redefine an non-writable, non-configurable property, with the same value and attributes.
            - Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorDefineProperties):
            - Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::attributesWithOverride):
            - When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
        (JSC::PropertyDescriptor::attributesOverridingCurrent):
            - When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
        * runtime/Structure.cpp:
        (JSC::Structure::freezeTransition):
            - 'freezeTransition' shouldn't be setting the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
        (JSC::Structure::isFrozen):
            - 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').

2012-02-13  Filip Pizlo  <fpizlo@apple.com>

        DFG should not check the types of arguments that are dead
        https://bugs.webkit.org/show_bug.cgi?id=78518

        Reviewed by Geoff Garen.
        
        The argument checks are now elided if the corresponding SetArgument is dead,
        and the abstract value of the argument is set to bottom (None, []). This is
        performance neutral on the benchmarks we currently track.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::initialize):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):

2012-02-15  Oliver Hunt  <oliver@apple.com>

        Ensure that the DFG JIT always plants a CodeOrigin when making calls
        https://bugs.webkit.org/show_bug.cgi?id=78763

        Reviewed by Gavin Barraclough.

        Make all calls plant a CodeOrigin prior to the actual
        call.  Also clobbers the Interpreter with logic to ensure
        that the interpreter always plants a bytecode offset.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (CallBeginToken):
        (JSC::DFG::JITCompiler::beginJSCall):
        (JSC::DFG::JITCompiler::beginCall):
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryBuildGetByIDList):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * interpreter/AbstractPC.cpp:
        (JSC::AbstractPC::AbstractPC):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallFrame):
        * interpreter/CallFrame.h:
        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
        (ExecState):
        (JSC::ExecState::setBytecodeOffsetForNonDFGCode):
        (JSC::ExecState::codeOriginIndexForDFG):

2012-02-14  Oliver Hunt  <oliver@apple.com>

        Fix Interpreter.

        * runtime/Executable.cpp:
        (JSC):
        * runtime/Executable.h:
        (ExecutableBase):

2012-02-14  Matt Lilek  <mrl@apple.com>

        Don't ENABLE_DASHBOARD_SUPPORT unconditionally on all Mac platforms
        https://bugs.webkit.org/show_bug.cgi?id=78629

        Reviewed by David Kilzer.

        * Configurations/FeatureDefines.xcconfig:

2012-02-14  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, build fix for non-DFG platforms.

        * assembler/MacroAssembler.h:
        (MacroAssembler):

2012-02-14  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix build and configuration goof.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::invert):
        * dfg/DFGCommon.h:

2012-02-13  Filip Pizlo  <fpizlo@apple.com>

        DFG should be able to emit code on control flow edges
        https://bugs.webkit.org/show_bug.cgi?id=78515

        Reviewed by Gavin Barraclough.
        
        This gets us a few steps closer to being able to perform global register allocation,
        by allowing us to have landing pads on control flow edges. This will let us reshuffle
        registers if it happens to be necessary due to different reg alloc decisions in
        differen blocks.
        
        This also introduces the notion of a landing pad for OSR entry, which will allow us
        to emit code that places data into registers when we're entering into the DFG from
        the old JIT.
        
        Finally, this patch introduces a verification mode that checks that the landing pads
        are actually emitted and do actually work as advertised. When verification is disabled,
        this has no effect on behavior.

        * assembler/MacroAssembler.h:
        (MacroAssembler):
        (JSC::MacroAssembler::invert):
        (JSC::MacroAssembler::isInvertible):
        * dfg/DFGCommon.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::createOSREntries):
        (DFG):
        (JSC::DFG::SpeculativeJIT::linkOSREntries):
        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::branchDouble):
        (JSC::DFG::SpeculativeJIT::branchDoubleNonZero):
        (JSC::DFG::SpeculativeJIT::branch32):
        (JSC::DFG::SpeculativeJIT::branchTest32):
        (JSC::DFG::SpeculativeJIT::branchPtr):
        (JSC::DFG::SpeculativeJIT::branchTestPtr):
        (JSC::DFG::SpeculativeJIT::branchTest8):
        (JSC::DFG::SpeculativeJIT::jump):
        (JSC::DFG::SpeculativeJIT::haveEdgeCodeToEmit):
        (JSC::DFG::SpeculativeJIT::emitEdgeCode):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2012-02-14  Filip Pizlo  <fpizlo@apple.com>

        Assertion failure under JSC::DFG::AbstractState::execute loading economist.com
        https://bugs.webkit.org/show_bug.cgi?id=78153
        <rdar://problem/10861712> <rdar://problem/10861947>

        Reviewed by Oliver Hunt.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileAdd):

2012-02-14  Eric Seidel  <eric@webkit.org>

        Upstream Android's additions to Platform.h
        https://bugs.webkit.org/show_bug.cgi?id=78536

        Reviewed by Adam Barth.

        * wtf/Platform.h:

2012-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>

        Replace old strtod with new strtod
        https://bugs.webkit.org/show_bug.cgi?id=68044

        Reviewed by Geoffrey Garen.

        * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
        (JSC::::lex):
        * runtime/JSGlobalObjectFunctions.cpp: Ditto.
        (JSC::parseInt):
        (JSC::jsStrDecimalLiteral):
        * runtime/LiteralParser.cpp: Ditto.
        (JSC::::Lexer::lexNumber):
        * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
        It takes a template argument to allow clients to determine statically whether it should allow 
        junk after the numbers or not.
        (WTF):
        (WTF::strtod):
        * wtf/dtoa.h:
        (WTF):
        * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
        (WTF::toDoubleType):

2012-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        More windows build fixing

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-13  Oliver Hunt  <oliver@apple.com>

        Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match
        https://bugs.webkit.org/show_bug.cgi?id=76315

        Reviewed by Gavin Barraclough.

        Perform a 3 byte compare using two comparisons, rather than trying to perform the
        operation with a four byte load.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

2012-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        Windows build fix

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>

        Replace old strtod with new strtod
        https://bugs.webkit.org/show_bug.cgi?id=68044

        Reviewed by Geoffrey Garen.

        * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
        (JSC::::lex):
        * runtime/JSGlobalObjectFunctions.cpp: Ditto.
        (JSC::parseInt):
        (JSC::jsStrDecimalLiteral):
        * runtime/LiteralParser.cpp: Ditto.
        (JSC::::Lexer::lexNumber):
        * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
        It takes a template argument to allow clients to determine statically whether it should allow 
        junk after the numbers or not.
        (WTF):
        (WTF::strtod):
        * wtf/dtoa.h:
        (WTF):
        * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
        (WTF::toDoubleType):

2012-02-13  Sam Weinig  <sam@webkit.org>

        Move JSC related assertions out of Assertions.h and into their own header
        https://bugs.webkit.org/show_bug.cgi?id=78508

        Reviewed by Gavin Barraclough.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Add GCAssertions.h

        * heap/GCAssertions.h: Added.
        Move assertions here.

        * runtime/WriteBarrier.h:
        Add #include of GCAssertions.h

        * wtf/Assertions.h:
        Remove JSC related assertions.

        * wtf/Compiler.h:
        Add compiler check for __has_trivial_destructor.

2012-02-13  Chao-ying Fu  <fu@mips.com>

        Update MIPS patchOffsetGetByIdSlowCaseCall
        https://bugs.webkit.org/show_bug.cgi?id=78392

        Reviewed by Gavin Barraclough.

        * jit/JIT.h:
        (JIT):

2012-02-13  Patrick Gansterer  <paroga@webkit.org>

        Remove obsolete #if from ThreadSpecific.h
        https://bugs.webkit.org/show_bug.cgi?id=78485

        Reviewed by Adam Roben.

        Since alle platform use either pthread or Win32 for threading,
        we can remove all PLATFORM() preprocessor statements.

        * wtf/ThreadSpecific.h:
        (ThreadSpecific):

2012-02-13  Jessie Berlin  <jberlin@apple.com>

        Fix the Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-13  Sam Weinig  <sam@webkit.org>

        Use C11's _Static_assert for COMPILE_ASSERT if it is available
        https://bugs.webkit.org/show_bug.cgi?id=78506

        Rubber-stamped by Antti Koivisto.

        Use C11's _Static_assert for COMPILE_ASSERT if it is available to give slightly
        better error messages.

        * wtf/Assertions.h:
        Use _Static_assert if it is available.

        * wtf/Compiler.h:
        Add COMPILER_SUPPORTS support for _Static_assert when using the LLVM Compiler.

2012-02-13  Mario Sanchez Prada  <msanchez@igalia.com>

        [GTK] Add GSList to the list of GObject types in GOwnPtr
        https://bugs.webkit.org/show_bug.cgi?id=78487

        Reviewed by Philippe Normand.

        Handle the GSList type in GOwnPtr, by calling g_slist_free in the
        implementation of the freeOwnedGPtr template function.

        * wtf/gobject/GOwnPtr.cpp:
        (WTF::GSList):
        (WTF):
        * wtf/gobject/GOwnPtr.h:
        (WTF):
        * wtf/gobject/GTypedefs.h:

2012-02-06  Raphael Kubo da Costa  <kubo@profusion.mobi>

        [EFL] Drop support for the Curl network backend.
        https://bugs.webkit.org/show_bug.cgi?id=77874

        Reviewed by Eric Seidel.

        Nobody seems to be maintaining the Curl backend in WebCore, the
        EFL port developers all seem to be using the Soup backend and the
        port itself has many features which are only implemented for the
        latter.

        * wtf/PlatformEfl.cmake: Always build the gobject-dependent source
        files.

2012-02-13  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for !ENABLE(JIT) after r107485.

        * bytecode/PolymorphicPutByIdList.cpp:

2012-02-13  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=78434
        Unreviewed - temporarily reverting r107498 will I fix a couple of testcases.

        * parser/Parser.cpp:
        (JSC::::parseFunctionInfo):
        * runtime/ClassInfo.h:
        (MethodTable):
        (JSC):
        * runtime/JSCell.cpp:
        (JSC):
        * runtime/JSCell.h:
        (JSCell):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC):
        * runtime/JSGlobalObjectFunctions.h:
        (JSC):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC):
        (JSC::JSObject::putDirectAccessor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::inlineGetOwnPropertySlot):
        (JSC::JSValue::get):
        * runtime/JSString.cpp:
        (JSC::JSString::getOwnPropertySlot):
        * runtime/JSValue.h:
        (JSValue):
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetPrototypeOf):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        * runtime/Structure.h:
        (JSC::Structure::setHasGetterSetterProperties):
        (Structure):

2012-02-12  Ashod Nakashian  <ashodnakashian@yahoo.com>

        KeywordLookupGenerator.py script fails in some cases
        https://bugs.webkit.org/show_bug.cgi?id=77886

        Reviewed by Benjamin Poulain.

        * parser/Keywords.table: Converted to LF-only.

2012-02-12  Shinya Kawanaka  <shinyak@google.com>

        Introduce ShadowRootList.
        https://bugs.webkit.org/show_bug.cgi?id=78069

        Reviewed by Hajime Morita.

        DoublyLinkedList should have tail() method to take the last element.

        * wtf/DoublyLinkedList.h:
        (DoublyLinkedList):
        (WTF::::tail):
        (WTF):

2012-02-12  Raphael Kubo da Costa  <kubo@profusion.mobi>

        [CMake] Move source files in WTF_HEADERS to WTF_SOURCES.
        https://bugs.webkit.org/show_bug.cgi?id=78436

        Reviewed by Daniel Bates.

        * wtf/CMakeLists.txt: Move .cpp files from WTF_HEADERS to WTF_SOURCES,
        and correctly sort the files which start with 'M'.

2012-02-12  Sam Weinig  <sam@webkit.org>

        Move the NumberOfCores.h/cpp files into the WTF group of JavaScriptCore.xcodeproj.

        Rubber-stamped by Anders Carlsson.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-02-12  Raphael Kubo da Costa  <kubo@profusion.mobi>

        [CMake] Remove unused or empty variable definitions.
        https://bugs.webkit.org/show_bug.cgi?id=78437

        Reviewed by Daniel Bates.

        * CMakeLists.txt: Remove unused JavaScriptCore_HEADERS definition.
        * shell/CMakeLists.txt: Remove unused JSC_HEADERS definition.
        * wtf/CMakeLists.txt: Remove empty WTF_LIBRARIES definition, it will
        be defined later by Platform*.cmake via LIST(APPEND WTF_LIBRARIES).

2012-02-12  Filip Pizlo  <fpizlo@apple.com>

        DFG::SpeculativeJIT calls fprintf() instead of dataLog in terminateSpeculativeExecution()
        https://bugs.webkit.org/show_bug.cgi?id=78431

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):

2012-02-11  Benjamin Poulain  <benjamin@webkit.org>

        Add back WTFURL to WebKit
        https://bugs.webkit.org/show_bug.cgi?id=77291

        Reviewed by Adam Barth.

        WTFURL was removed from WebKit in r86787.

        This patch adds the code back to WTF with the following changes:
        -Guard the feature with USE(WTFURL).
        -Change the typename CHAR to CharacterType to follow recent WebKit conventions.
        -Fix some coding style to make check-webkit-style happy.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/Platform.h:
        * wtf/url/api/ParsedURL.cpp: Added.
        (WTF):
        (WTF::ParsedURL::ParsedURL):
        (WTF::ParsedURL::scheme):
        (WTF::ParsedURL::username):
        (WTF::ParsedURL::password):
        (WTF::ParsedURL::host):
        (WTF::ParsedURL::port):
        (WTF::ParsedURL::path):
        (WTF::ParsedURL::query):
        (WTF::ParsedURL::fragment):
        (WTF::ParsedURL::segment):
        * wtf/url/api/ParsedURL.h: Added.
        (WTF):
        (ParsedURL):
        (WTF::ParsedURL::spec):
        * wtf/url/api/URLString.h: Added.
        (WTF):
        (URLString):
        (WTF::URLString::URLString):
        (WTF::URLString::string):
        * wtf/url/src/RawURLBuffer.h: Added.
        (WTF):
        (RawURLBuffer):
        (WTF::RawURLBuffer::RawURLBuffer):
        (WTF::RawURLBuffer::~RawURLBuffer):
        (WTF::RawURLBuffer::resize):
        * wtf/url/src/URLBuffer.h: Added.
        (WTF):
        (URLBuffer):
        (WTF::URLBuffer::URLBuffer):
        (WTF::URLBuffer::~URLBuffer):
        (WTF::URLBuffer::at):
        (WTF::URLBuffer::set):
        (WTF::URLBuffer::capacity):
        (WTF::URLBuffer::length):
        (WTF::URLBuffer::data):
        (WTF::URLBuffer::setLength):
        (WTF::URLBuffer::append):
        (WTF::URLBuffer::grow):
        * wtf/url/src/URLCharacterTypes.cpp: Added.
        (WTF):
        ():
        * wtf/url/src/URLCharacterTypes.h: Added.
        (WTF):
        (URLCharacterTypes):
        (WTF::URLCharacterTypes::isQueryChar):
        (WTF::URLCharacterTypes::isIPv4Char):
        (WTF::URLCharacterTypes::isHexChar):
        ():
        (WTF::URLCharacterTypes::isCharOfType):
        * wtf/url/src/URLComponent.h: Added.
        (WTF):
        (URLComponent):
        (WTF::URLComponent::URLComponent):
        (WTF::URLComponent::fromRange):
        (WTF::URLComponent::isValid):
        (WTF::URLComponent::isNonEmpty):
        (WTF::URLComponent::isEmptyOrInvalid):
        (WTF::URLComponent::reset):
        (WTF::URLComponent::operator==):
        (WTF::URLComponent::begin):
        (WTF::URLComponent::setBegin):
        (WTF::URLComponent::length):
        (WTF::URLComponent::setLength):
        (WTF::URLComponent::end):
        * wtf/url/src/URLEscape.cpp: Added.
        (WTF):
        ():
        * wtf/url/src/URLEscape.h: Added.
        (WTF):
        (WTF::appendURLEscapedCharacter):
        * wtf/url/src/URLParser.h: Added.
        (WTF):
        (URLParser):
        ():
        (WTF::URLParser::isPossibleAuthorityTerminator):
        (WTF::URLParser::parseAuthority):
        (WTF::URLParser::extractScheme):
        (WTF::URLParser::parseAfterScheme):
        (WTF::URLParser::parseStandardURL):
        (WTF::URLParser::parsePath):
        (WTF::URLParser::parsePathURL):
        (WTF::URLParser::parseMailtoURL):
        (WTF::URLParser::parsePort):
        (WTF::URLParser::extractFileName):
        (WTF::URLParser::extractQueryKeyValue):
        (WTF::URLParser::isURLSlash):
        (WTF::URLParser::shouldTrimFromURL):
        (WTF::URLParser::trimURL):
        (WTF::URLParser::consecutiveSlashes):
        (WTF::URLParser::isPortDigit):
        (WTF::URLParser::nextAuthorityTerminator):
        (WTF::URLParser::parseUserInfo):
        (WTF::URLParser::parseServerInfo):
        * wtf/url/src/URLQueryCanonicalizer.h: Added.
        (WTF):
        (URLQueryCanonicalizer):
        (WTF::URLQueryCanonicalizer::canonicalize):
        (WTF::URLQueryCanonicalizer::isAllASCII):
        (WTF::URLQueryCanonicalizer::isRaw8Bit):
        (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString):
        (WTF::URLQueryCanonicalizer::convertToQueryEncoding):
        * wtf/url/src/URLSegments.cpp: Added.
        (WTF):
        (WTF::URLSegments::length):
        (WTF::URLSegments::charactersBefore):
        * wtf/url/src/URLSegments.h: Added.
        (WTF):
        (URLSegments):
        ():
        (WTF::URLSegments::URLSegments):

2012-02-11  Filip Pizlo  <fpizlo@apple.com>

        Old JIT put_by_id profiling counts every put_by_id_transition as taking slow path
        https://bugs.webkit.org/show_bug.cgi?id=78430
        <rdar://problem/10849469> <rdar://problem/10849684>

        Reviewed by Gavin Barraclough.
        
        The old JIT's put_by_id transition caching involves repatching the slow call to
        a generated stub. That means that the call is counted as "slow case". So, this
        patch inserts code to decrement the slow case count if the stub succeeds.
        
        Looks like a ~1% speed-up on V8.

        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):

2012-02-11  Filip Pizlo  <fpizlo@apple.com>

        Build fix for Qt.

        * wtf/DataLog.h:

2012-02-11  Filip Pizlo  <fpizlo@apple.com>

        It should be possible to send all JSC debug logging to a file
        https://bugs.webkit.org/show_bug.cgi?id=78418

        Reviewed by Sam Weinig.
        
        Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog,
        and WTF::dataLogV. Changed all debugging- and profiling-related printfs
        to use WTF::dataLog() or one of its friends. By default, debug logging
        goes to stderr, unless you change the setting in wtf/DataLog.cpp.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::dumpLinkStatistics):
        (JSC::LinkBuffer::dumpCode):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::vprintfStdoutInstr):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printUnaryOp):
        (JSC::CodeBlock::printBinaryOp):
        (JSC::CodeBlock::printConditionalJump):
        (JSC::CodeBlock::printGetByIdOp):
        (JSC::CodeBlock::printCallOp):
        (JSC::CodeBlock::printPutByIdOp):
        (JSC::printGlobalResolveInfo):
        (JSC::printStructureStubInfo):
        (JSC::CodeBlock::printStructure):
        (JSC::CodeBlock::printStructures):
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::dumpStatistics):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::shouldOptimizeNow):
        (JSC::CodeBlock::tallyFrequentExitSites):
        (JSC::CodeBlock::dumpValueProfiles):
        * bytecode/Opcode.cpp:
        (JSC::OpcodeStats::~OpcodeStats):
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingFlags::stop):
        (JSC::SamplingRegion::dumpInternal):
        (JSC::SamplingTool::dump):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::endBasicBlock):
        (JSC::DFG::AbstractState::mergeStateAtTail):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::linkBlock):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCommon.h:
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::printWhiteSpace):
        (JSC::DFG::Graph::dumpCodeOrigin):
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOperations.cpp:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::fixpoint):
        (JSC::DFG::Propagator::propagateArithNodeFlags):
        (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
        (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::propagatePredictionsForward):
        (JSC::DFG::Propagator::propagatePredictionsBackward):
        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::fixup):
        (JSC::DFG::Propagator::startIndexForChildren):
        (JSC::DFG::Propagator::endIndexForPureCSE):
        (JSC::DFG::Propagator::setReplacement):
        (JSC::DFG::Propagator::eliminate):
        (JSC::DFG::Propagator::performNodeCSE):
        (JSC::DFG::Propagator::localCSE):
        (JSC::DFG::Propagator::allocateVirtualRegisters):
        (JSC::DFG::Propagator::performBlockCFA):
        (JSC::DFG::Propagator::performForwardCFA):
        * dfg/DFGRegisterBank.h:
        (JSC::DFG::RegisterBank::dump):
        * dfg/DFGScoreBoard.h:
        (JSC::DFG::ScoreBoard::dump):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::dump):
        (JSC::DFG::SpeculativeJIT::checkConsistency):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        * heap/Heap.cpp:
        (JSC::Heap::destroy):
        * heap/MarkedBlock.h:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::dumpCaller):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::dumpRegisters):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * profiler/Profile.cpp:
        (JSC::Profile::debugPrintData):
        (JSC::Profile::debugPrintDataSampleStyle):
        * profiler/ProfileNode.cpp:
        (JSC::ProfileNode::debugPrintData):
        (JSC::ProfileNode::debugPrintDataSampleStyle):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::dumpRegExpTrace):
        * runtime/RegExp.cpp:
        (JSC::RegExp::matchCompareWithInterpreter):
        * runtime/SamplingCounter.cpp:
        (JSC::AbstractSamplingCounter::dump):
        * runtime/SamplingCounter.h:
        (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * runtime/Structure.cpp:
        (JSC::Structure::dumpStatistics):
        (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
        * tools/CodeProfile.cpp:
        (JSC::CodeProfile::report):
        * tools/ProfileTreeNode.h:
        (JSC::ProfileTreeNode::dumpInternal):
        * wtf/CMakeLists.txt:
        * wtf/DataLog.cpp: Added.
        (WTF):
        (WTF::initializeLogFileOnce):
        (WTF::initializeLogFile):
        (WTF::dataFile):
        (WTF::dataLogV):
        (WTF::dataLog):
        * wtf/DataLog.h: Added.
        (WTF):
        * wtf/HashTable.cpp:
        (WTF::HashTableStats::~HashTableStats):
        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocator::dumpProfile):
        * wtf/text/WTFString.cpp:
        (String::show):
        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::ByteCompiler::dumpDisjunction):

2012-02-11  Gavin Barraclough  <barraclough@apple.com>

        Move special __proto__ property to Object.prototype
        https://bugs.webkit.org/show_bug.cgi?id=78409

        Reviewed by Oliver Hunt.

        Re-implement this as a regular accessor property.  This has three key benefits:
        1) It makes it possible for objects to be given properties named __proto__.
        2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
        3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property.

        * parser/Parser.cpp:
        (JSC::::parseFunctionInfo):
            - No need to prohibit functions named __proto__.
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
            - Add __proto__ accessor to Object.prototype.
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncProtoGetter):
        (JSC::globalFuncProtoSetter):
            - Definition of the __proto__ accessor functions.
        * runtime/JSGlobalObjectFunctions.h:
            - Declaration of the __proto__ accessor functions.
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
            - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
        (JSC::JSObject::putDirectAccessor):
            - Track on the structure whether an object contains accessors other than one for __proto__.
        (JSC::JSObject::defineOwnProperty):
            - No need to prohibit definition of own properties named __proto__.
        * runtime/JSObject.h:
        (JSC::JSObject::inlineGetOwnPropertySlot):
            - Remove the special handling for __proto__.
        (JSC::JSValue::get):
            - Remove the special handling for __proto__.
        * runtime/JSString.cpp:
        (JSC::JSString::getOwnPropertySlot):
            - Remove the special handling for __proto__.
        * runtime/JSValue.h:
        (JSValue):
            - Made synthesizePrototype public (this may be needed by the __proto__ getter).
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetPrototypeOf):
            - Perform the security check & call prototype() directly.
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
        * runtime/Structure.h:
        (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
        (JSC::Structure::setHasGetterSetterProperties):
        (Structure):
            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.

2012-02-11  Filip Pizlo  <fpizlo@apple.com>

        DFG CFA assumes that a WeakJSConstant's structure is known
        https://bugs.webkit.org/show_bug.cgi?id=78428
        <rdar://problem/10849492> <rdar://problem/10849621>

        Reviewed by Gavin Barraclough.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):

2012-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        Qt debug build fix

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::callDestructor): Platforms that don't use clang will allocate 
        JSFinalObjects in the destuctor subspace, so we should remove this assert so it 
        doesn't cause crashes.

2012-02-11  Filip Pizlo  <fpizlo@apple.com>

        Old 32_64 JIT should assert that its use of map() is consistent with the DFG
        OSR exit's expectations
        https://bugs.webkit.org/show_bug.cgi?id=78419
        <rdar://problem/10817121>

        Reviewed by Oliver Hunt.

        * jit/JITInlineMethods.h:
        (JSC::JIT::map):

2012-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        Reduce the reentrancy limit of the interpreter for the iOS simulator
        https://bugs.webkit.org/show_bug.cgi?id=78400

        Reviewed by Gavin Barraclough.

        * interpreter/Interpreter.h: Lowered the maximum reentrancy limit for large thread stacks.
        (JSC):

2012-02-11  Filip Pizlo  <fpizlo@apple.com>

        [DFG] Misuse of WeakJSConstants in silentFillGPR code.
        https://bugs.webkit.org/show_bug.cgi?id=78423
        <rdar://problem/10849353> <rdar://problem/10804043>

        Reviewed by Sam Weinig.
        
        The code was using Node::isConstant(), when it was supposed to use Node::hasConstant().
        This patch is a surgical fix; the bigger problem is: why do we have isConstant() and
        hasConstant() when hasConstant() is correct and isConstant() is almost always wrong?

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::silentFillGPR):

2012-02-11  Sam Weinig  <sam@webkit.org>

        Prepare JavaScriptCore to build with libc++
        <rdar://problem/10426673>
        https://bugs.webkit.org/show_bug.cgi?id=78424

        Reviewed by Anders Carlsson.

        * wtf/NullPtr.cpp:
        * wtf/NullPtr.h:
        libc++ provides std::nullptr emulation, so we don't have to.

2012-02-07  Filip Pizlo  <fpizlo@apple.com>

        DFG should have polymorphic put_by_id caching
        https://bugs.webkit.org/show_bug.cgi?id=78062
        <rdar://problem/10326439> <rdar://problem/10824839>

        Reviewed by Oliver Hunt.
        
        Implemented polymorphic put_by_id caching in the DFG, and added much of the
        machinery that would be needed to implement it in the old JIT as well.
        
        I decided against using the old PolymorphicAccessStructureList mechanism as
        this didn't quite fit with put_by_id. In particular, I wanted the ability to
        have one list that captured all relevant cases (including proto put_by_id
        if we ever decided to do it). And I wanted the code to have better
        encapsulation. And I didn't want to get confused by the fact that the
        original (non-list) put_by_id cache may itself consist of a stub routine.
        
        This code is still sub-optimal (for example adding a replace to a list whose
        previous elements are all transitions should just repatch the original code,
        but here it will generate a stub) but it already generates a >20% speed-up
        on V8-splay, leading to a 2% win overall in splay. Neutral elsewhere.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/PolymorphicPutByIdList.cpp: Added.
        (JSC):
        (JSC::PutByIdAccess::fromStructureStubInfo):
        (JSC::PutByIdAccess::visitWeak):
        (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
        (JSC::PolymorphicPutByIdList::from):
        (JSC::PolymorphicPutByIdList::~PolymorphicPutByIdList):
        (JSC::PolymorphicPutByIdList::isFull):
        (JSC::PolymorphicPutByIdList::isAlmostFull):
        (JSC::PolymorphicPutByIdList::addAccess):
        (JSC::PolymorphicPutByIdList::visitWeak):
        * bytecode/PolymorphicPutByIdList.h: Added.
        (JSC):
        (PutByIdAccess):
        (JSC::PutByIdAccess::PutByIdAccess):
        (JSC::PutByIdAccess::transition):
        (JSC::PutByIdAccess::replace):
        (JSC::PutByIdAccess::isSet):
        (JSC::PutByIdAccess::operator!):
        (JSC::PutByIdAccess::type):
        (JSC::PutByIdAccess::isTransition):
        (JSC::PutByIdAccess::isReplace):
        (JSC::PutByIdAccess::oldStructure):
        (JSC::PutByIdAccess::structure):
        (JSC::PutByIdAccess::newStructure):
        (JSC::PutByIdAccess::chain):
        (JSC::PutByIdAccess::stubRoutine):
        (PolymorphicPutByIdList):
        (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
        (JSC::PolymorphicPutByIdList::isEmpty):
        (JSC::PolymorphicPutByIdList::size):
        (JSC::PolymorphicPutByIdList::at):
        (JSC::PolymorphicPutByIdList::operator[]):
        (JSC::PolymorphicPutByIdList::kind):
        * bytecode/PutKind.h: Added.
        (JSC):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        (JSC::StructureStubInfo::visitWeakReferences):
        * bytecode/StructureStubInfo.h:
        (JSC):
        (JSC::isPutByIdAccess):
        (JSC::StructureStubInfo::initPutByIdList):
        (StructureStubInfo):
        (JSC::StructureStubInfo::reset):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        (DFG):
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::appropriateGenericPutByIdFunction):
        (JSC::DFG::appropriateListBuildingPutByIdFunction):
        (DFG):
        (JSC::DFG::emitPutReplaceStub):
        (JSC::DFG::emitPutTransitionStub):
        (JSC::DFG::tryCachePutByID):
        (JSC::DFG::dfgRepatchPutByID):
        (JSC::DFG::tryBuildPutByIdList):
        (JSC::DFG::dfgBuildPutByIdList):
        (JSC::DFG::dfgResetPutByID):
        * dfg/DFGRepatch.h:
        (DFG):
        * runtime/WriteBarrier.h:
        (WriteBarrierBase):
        (JSC::WriteBarrierBase::copyFrom):

2012-02-10  Vineet Chaudhary  <rgf748@motorola.com>

        https://bugs.webkit.org/show_bug.cgi?id=72756
        DOMHTMLElement’s accessKey property is declared as available in WebKit version that didn’t have it 

        Reviewed by Timothy Hatcher.

        * API/WebKitAvailability.h: Added AVAILABLE_AFTER_WEBKIT_VERSION_5_1 and
          AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_AFTER_WEBKIT_VERSION_5_1 for the new versions.

2012-02-10  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fixing windows build

        Unreviewed build fix

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-02-10  Adam Klein  <adamk@chromium.org>

        Enable MUTATION_OBSERVERS by default on all platforms
        https://bugs.webkit.org/show_bug.cgi?id=78196

        Reviewed by Ojan Vafai.

        * Configurations/FeatureDefines.xcconfig:

2012-02-10  Yong Li  <yoli@rim.com>

        ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable.
        https://bugs.webkit.org/show_bug.cgi?id=76724

        Reviewed by Rob Buis.

        This issue only exists when both ENABLE(ASSEMBLER_WX_EXCLUSIVE) and ENABLE(BRANCH_COMPACTION) are on.
        The size used to call makeExecutable can be smaller than the one that was used for makeWritable.
        So it can leave pages behind that are not set back to default flags. When an assembly on one of those
        pages is executed or JIT returns to those pages in the case it was already executing from there, the
        software will crash.

        * assembler/LinkBuffer.h: Add m_initialSize and use it in performFinalization().
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::performFinalization):
        (LinkBuffer):

2012-02-10  Mark Hahnenberg  <mhahnenberg@apple.com>

        Split MarkedSpace into destructor and destructor-free subspaces
        https://bugs.webkit.org/show_bug.cgi?id=77761

        Reviewed by Geoffrey Garen.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space.
        * heap/Heap.h:
        (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to 
        pick which subspace they want to allocate out of.
        (JSC::Heap::allocatorForObjectWithDestructor): Ditto.
        (Heap):
        (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use.
        (JSC):
        (JSC::Heap::allocateWithoutDestructor): Ditto.
        * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate 
        their MarkedBlocks correctly.
        (JSC::MarkedAllocator::allocateBlock):
        * heap/MarkedAllocator.h:
        (JSC::MarkedAllocator::cellsNeedDestruction):
        (MarkedAllocator):
        (JSC::MarkedAllocator::MarkedAllocator):
        (JSC):
        (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with
        an init function that does all of that stuff in fewer lines.
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::create):
        (JSC::MarkedBlock::recycle):
        (JSC::MarkedBlock::MarkedBlock):
        (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make 
        checking the m_cellsNeedDestructor flag faster and cleaner looking.
        (JSC):
        (JSC::MarkedBlock::specializedSweep):
        (JSC::MarkedBlock::sweep):
        (JSC::MarkedBlock::sweepHelper):
        * heap/MarkedBlock.h:
        (MarkedBlock):
        (JSC::MarkedBlock::cellsNeedDestruction):
        (JSC):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::resetAllocators):
        (JSC::MarkedSpace::canonicalizeCellLivenessData):
        (JSC::TakeIfUnmarked::operator()):
        * heap/MarkedSpace.h:
        (MarkedSpace):
        (Subspace):
        (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of 
        allocators.
        (JSC):
        (JSC::MarkedSpace::destructorAllocatorFor): Ditto.
        (JSC::MarkedSpace::allocateWithoutDestructor): Ditto.
        (JSC::MarkedSpace::allocateWithDestructor): Ditto.
        (JSC::MarkedSpace::forEachBlock):
        * jit/JIT.h:
        * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others.
        (JSC::JIT::emitAllocateBasicJSObject):
        (JSC::JIT::emitAllocateJSFinalObject):
        (JSC::JIT::emitAllocateJSFunction):
        * runtime/JSArray.cpp:
        (JSC):
        * runtime/JSArray.h:
        (JSArray):
        (JSC::JSArray::create):
        (JSC):
        (JSC::JSArray::tryCreateUninitialized):
        * runtime/JSCell.h:
        (JSCell):
        (JSC):
        (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires 
        destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this 
        constant to decide whether to allocate in the destructor or destructor-free parts of the heap.
        (JSC::allocateCell): 
        * runtime/JSFunction.cpp:
        (JSC):
        * runtime/JSFunction.h:
        (JSFunction):
        * runtime/JSObject.cpp:
        (JSC):
        * runtime/JSObject.h:
        (JSNonFinalObject):
        (JSC):
        (JSFinalObject):
        (JSC::JSFinalObject::create):

2012-02-10  Adrienne Walker  <enne@google.com>

        Remove implicit copy constructor usage in HashMaps with OwnPtr
        https://bugs.webkit.org/show_bug.cgi?id=78071

        Reviewed by Darin Adler.

        Change the return type of emptyValue() in PairHashTraits to be the
        actual type returned rather than the trait type to avoid an implicit
        generation of the OwnPtr copy constructor. This happens for hash
        traits involving OwnPtr where the empty value is not zero and each
        hash bucket needs to be initialized with emptyValue().

        Also, update StructureTransitionTable to use default hash traits
        rather than rolling its own, in order to update it to handle
        EmptyValueType.

        Test: patch from bug 74154 compiles on Clang with this patch

        * runtime/StructureTransitionTable.h:
        (StructureTransitionTable):
        * wtf/HashTraits.h:
        (GenericHashTraits):
        (PairHashTraits):
        (WTF::PairHashTraits::emptyValue):

2012-02-10  Aron Rosenberg  <arosenberg@logitech.com>

        [Qt] Fix compiler warning in Visual Studio 2010 about TR1
        https://bugs.webkit.org/show_bug.cgi?id=63642

        Reviewed by Simon Hausmann.

        * JavaScriptCore.pri:

2012-02-10  Michael Saboff  <msaboff@apple.com>

        Yarr assert with regexp where alternative in *-quantified group matches empty
        https://bugs.webkit.org/show_bug.cgi?id=67752        

        Reviewed by Gavin Barraclough.

        Added backtracking for the prior alternative if it matched
        but didn't consume any input characters.

        * yarr/YarrJIT.cpp:
        (YarrOp): New jump.
        (JSC::Yarr::YarrGenerator::generate): Emit conditional jump
        when an alternative matches and no input was consumed.  Moved the
        zero length match check for a set of alternatives to the alternative
        code from the parentheses cases to the alternative end cases.
        Converted the existing zero length checks in the parentheses cases
        to runtime assertion checks.
        (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack
        to prior term.

2012-02-10  Roland Takacs  <takacs.roland@stud.u-szeged.hu>

        [Qt] GC should be parallel on Qt platform
        https://bugs.webkit.org/show_bug.cgi?id=73309

        Reviewed by Zoltan Herczeg.

        These changes made the parallel gc feature available for Qt port.
        The implementation of "registerGCThread" and "isMainThreadOrGCThread",
        and a local static function [initializeGCThreads] is moved from
        MainThreadMac.mm to the common MainThread.cpp to make them available
        for other platforms.

        Measurement results:
        V8           speed-up:  1.025x as fast  [From: 663.4ms  To: 647.0ms ]
        V8 Splay     speed-up:  1.185x as fast  [From: 138.4ms  To: 116.8ms ]

        Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.

        * JavaScriptCore.order:
        * wtf/MainThread.cpp:
        (WTF::initializeMainThread):
        (WTF):
        (WTF::initializeGCThreads):
        (WTF::registerGCThread):
        (WTF::isMainThreadOrGCThread):
        * wtf/MainThread.h:
        (WTF):
        * wtf/Platform.h:
        * wtf/mac/MainThreadMac.mm:
        (WTF):

2012-02-09  Andy Wingo  <wingo@igalia.com>

        Eliminate dead code in BytecodeGenerator::resolve()
        https://bugs.webkit.org/show_bug.cgi?id=78242

        Reviewed by Gavin Barraclough.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::resolve):
        BytecodeGenerator::shouldOptimizeLocals() is only true for
        FunctionCode, and thus cannot be true for GlobalCode.

2012-02-09  Andy Wingo  <wingo@igalia.com>

        Remove BytecodeGenerator::isLocal
        https://bugs.webkit.org/show_bug.cgi?id=78241

        Minor refactor to BytecodeGenerator.

        Reviewed by Gavin Barraclough.

        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::isLocal):
        (JSC::BytecodeGenerator::isLocalConstant): Remove now-unused
        methods.
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ResolveNode::isPure): Use the ResolveResult mechanism
        instead of isLocal.  This will recognize more resolve nodes as
        being pure.
        (JSC::PrefixResolveNode::emitBytecode): Use isReadOnly on the
        location instead of isLocalConstant.

2012-02-09  Oliver Hunt  <oliver@apple.com>

        The JS Parser scope object needs a VectorTrait specialization
        https://bugs.webkit.org/show_bug.cgi?id=78308

        Reviewed by Gavin Barraclough.

        This showed up as a periodic crash in various bits of generated code
        originally, but I've added an assertion in the bytecode generator
        that makes the effected code much more crash-happy should it go
        wrong again.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::resolve):
        * parser/Parser.cpp:
        * parser/Parser.h:
        (JSC):
        * runtime/JSActivation.h:
        (JSC::JSActivation::isValidScopedLookup):
        (JSActivation):

2012-02-08  Oliver Hunt  <oliver@apple.com>

        Whoops, fix the build.

        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::FunctionExecutable):

2012-02-08  Oliver Hunt  <oliver@apple.com>

        Fix issue encountered while debugging stacktraces
        https://bugs.webkit.org/show_bug.cgi?id=78147

        Reviewed by Gavin Barraclough.

        Debugging is easier if we always ensure that we have a non-null
        inferred name.

        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::FunctionExecutable):

2012-02-08  Oliver Hunt  <oliver@apple.com>

        updateTopCallframe in the baseline JIT doesn't provide enough information to the stubs
        https://bugs.webkit.org/show_bug.cgi?id=78145

        Reviewed by Gavin Barraclough.

        Fix the updateTopCallFrame helper to store additional information
        that becomes necessary when we are trying to provide more stack
        frame information.

        * interpreter/CallFrame.h:
        (JSC::ExecState::bytecodeOffsetForBaselineJIT):
        (ExecState):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::JIT::compileGetByIdProto):
        (JSC::JIT::compileGetByIdSelfList):
        (JSC::JIT::compileGetByIdProtoList):
        (JSC::JIT::compileGetByIdChainList):
        (JSC::JIT::compileGetByIdChain):
        (JSC::JIT::compilePutByIdTransition):
        (JIT):
        * jit/JITInlineMethods.h:
        (JSC::JIT::updateTopCallFrame):

2012-02-07  Robert Kroeger  <rjkroege@chromium.org>

        [chromium] Remove the enable marcro for the no longer necessary Chromium
        gesture recognizer.
        https://bugs.webkit.org/show_bug.cgi?id=77492

        Reviewed by Adam Barth.

        * wtf/Platform.h:

2012-02-07  Tony Chang  <tony@chromium.org>

        merge DashboardSupportCSSPropertyNames.in into CSSPropertyNames.in
        https://bugs.webkit.org/show_bug.cgi?id=78036

        Reviewed by Darin Adler.

        * Configurations/FeatureDefines.xcconfig: Add ENABLE_DASHBOARD_SUPPORT to FEATURE_DEFINES.

2012-02-07  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        [CMAKE] Use *bin* and *lib* directories for executable and libraries.
        https://bugs.webkit.org/show_bug.cgi?id=77928

        Reviewed by Daniel Bates.

        CMake has used *Programs* directory for executable. In addition, shared libraries are being
        built in source directory. It is better to set common places in order to maintain executable
        and libraries. *bin* is for executable and *lib* is for library.

        * shell/CMakeLists.txt: Change *Programs* with *bin*.

2012-02-07  Gavin Barraclough  <barraclough@apple.com>

        Crash on http://www.rickshawbags.com/
        https://bugs.webkit.org/show_bug.cgi?id=78045

        Reviewed by Darin Adler.

        Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()
        
        This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933,
        isVariableObject() checks were excluding StaticScopeObjects, this patch
        inadvertently changed them to be included.

        * runtime/JSType.h:
            - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
              and thus is excluded from isVariableObject() checks.

2012-02-06  Jer Noble  <jer.noble@apple.com>

        Use CMClock as a timing source for PlatformClock where available.
        https://bugs.webkit.org/show_bug.cgi?id=77885

        Reviewed by Eric Carlson.

        * wtf/Platform.h: Added WTF_USE_COREMEDIA.

2012-02-06  Filip Pizlo  <fpizlo@apple.com>

        ValueToNumber and ValueToDouble nodes don't do anything and should be removed
        https://bugs.webkit.org/show_bug.cgi?id=77855
        <rdar://problem/10811325>

        Reviewed by Gavin Barraclough.
        
        Removed ValueToNumber and ValueToDouble, because the only thing they were doing
        was wasting registers.
        
        This looks like a 1% win on V8 (with a 5% win on crypto) and a 2-3% win on Kraken,
        mostly due to a >10% win on gaussian-blur. No win anywhere else.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getToInt32):
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::handleMinMax):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        (DFG):
        (JSC::DFG::Node::hasArithNodeFlags):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateArithNodeFlags):
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::vote):
        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
        (Propagator):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::canonicalize):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-02-06  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed WinCE build fix after r106197.

        * tools/CodeProfiling.cpp:
        (JSC::CodeProfiling::notifyAllocator): getenv() isn't supported by WinCE. Don't call it.

2012-02-05  Gavin Barraclough  <barraclough@apple.com>

        Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter
        https://bugs.webkit.org/show_bug.cgi?id=77451

        Reviewed by Sam Weinig.

        These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor.
        Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor.

        * JavaScriptCore.exp:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::defineOwnProperty):
        * debugger/DebuggerActivation.h:
        (DebuggerActivation):
        * runtime/ClassInfo.h:
        (MethodTable):
        (JSC):
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::finishCreation):
        * runtime/JSCell.cpp:
        (JSC):
        * runtime/JSCell.h:
        (JSCell):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getOwnPropertyDescriptor):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::defineOwnProperty):
        (JSC):
        * runtime/JSGlobalObject.h:
        (JSGlobalObject):
        * runtime/JSObject.cpp:
        (JSC):
        * runtime/JSObject.h:
        (JSObject):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncDefineGetter):
        (JSC::objectProtoFuncDefineSetter):
        (JSC::objectProtoFuncLookupGetter):
        (JSC::objectProtoFuncLookupSetter):

2012-02-06  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing files.

2012-02-05  Filip Pizlo  <fpizlo@apple.com>

        DFG's child references from one node to another should have room for type information
        https://bugs.webkit.org/show_bug.cgi?id=77797

        Reviewed by Oliver Hunt.
        
        The DFG::Node::child fields now contain both a DFG::NodeIndex (which is just an unsigned)
        and a DFG::UseKind (which is currently an effectively empty enum). They are encapsulated
        together as a DFG::NodeUse, which can in most cases still be used as an index (for
        example DFG::Graph, AbstractState, and SpeculativeJIT all accept NodeUse in most places
        where they really want a NodeIndex).
        
        The NodeUse stores both the index and the UseKind without bloating the memory usage of
        DFG::Node, since we really don't need full 32 bits for the NodeIndex (a DFG::Node is
        roughly 11 words, so if we assume that we never want to use more than 1GB to DFG compile
        something - likely a sensible assumption! - then we will only be able to have room for
        about 24 million nodes, which means we only need about 24.5 bits for the node index).
        Currently the DFG::NodeUse allocates 4 bits for the UseKind and 28 bits for the index,
        but stores the index as a signed number to make NoNode work naturally. Hence we really
        just have 27 bits for the index.
        
        This is performance-neutral on all benchmarks we track.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAbstractState.h:
        (JSC::DFG::AbstractState::forNode):
        (AbstractState):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::toInt32):
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        * dfg/DFGCommon.h:
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (DFG):
        * dfg/DFGGraph.h:
        (Graph):
        (JSC::DFG::Graph::operator[]):
        (JSC::DFG::Graph::at):
        (JSC::DFG::Graph::ref):
        (JSC::DFG::Graph::deref):
        (JSC::DFG::Graph::clearAndDerefChild1):
        (JSC::DFG::Graph::clearAndDerefChild2):
        (JSC::DFG::Graph::clearAndDerefChild3):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::getPrediction):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child1Unchecked):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (JSC::DFG::Node::firstChild):
        (JSC::DFG::Node::numChildren):
        (JSC::DFG::Node::dumpChildren):
        (Node):
        * dfg/DFGNodeReferenceBlob.h: Added.
        (DFG):
        (NodeReferenceBlob):
        (JSC::DFG::NodeReferenceBlob::NodeReferenceBlob):
        (JSC::DFG::NodeReferenceBlob::child):
        (JSC::DFG::NodeReferenceBlob::child1):
        (JSC::DFG::NodeReferenceBlob::child2):
        (JSC::DFG::NodeReferenceBlob::child3):
        (JSC::DFG::NodeReferenceBlob::child1Unchecked):
        (JSC::DFG::NodeReferenceBlob::initialize):
        (JSC::DFG::NodeReferenceBlob::firstChild):
        (JSC::DFG::NodeReferenceBlob::setFirstChild):
        (JSC::DFG::NodeReferenceBlob::numChildren):
        (JSC::DFG::NodeReferenceBlob::setNumChildren):
        * dfg/DFGNodeUse.h: Added.
        (DFG):
        (NodeUse):
        (JSC::DFG::NodeUse::NodeUse):
        (JSC::DFG::NodeUse::indexUnchecked):
        (JSC::DFG::NodeUse::index):
        (JSC::DFG::NodeUse::setIndex):
        (JSC::DFG::NodeUse::useKind):
        (JSC::DFG::NodeUse::setUseKind):
        (JSC::DFG::NodeUse::isSet):
        (JSC::DFG::NodeUse::operator!):
        (JSC::DFG::NodeUse::operator==):
        (JSC::DFG::NodeUse::operator!=):
        (JSC::DFG::NodeUse::shift):
        (JSC::DFG::NodeUse::makeWord):
        (JSC::DFG::operator==):
        (JSC::DFG::operator!=):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateArithNodeFlags):
        (JSC::DFG::Propagator::vote):
        (JSC::DFG::Propagator::toDouble):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::canonicalize):
        (JSC::DFG::Propagator::startIndex):
        (JSC::DFG::Propagator::globalVarLoadElimination):
        (JSC::DFG::Propagator::getByValLoadElimination):
        (JSC::DFG::Propagator::getByOffsetLoadElimination):
        (JSC::DFG::Propagator::performSubstitution):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGScoreBoard.h:
        (JSC::DFG::ScoreBoard::use):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::useChildren):
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compileMovHint):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (JSC::DFG::SpeculativeJIT::compileAdd):
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
        (JSC::DFG::SpeculativeJIT::compileStrictEq):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::at):
        (JSC::DFG::SpeculativeJIT::canReuse):
        (JSC::DFG::SpeculativeJIT::use):
        (SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
        (JSC::DFG::IntegerOperand::IntegerOperand):
        (JSC::DFG::DoubleOperand::DoubleOperand):
        (JSC::DFG::JSValueOperand::JSValueOperand):
        (JSC::DFG::StorageOperand::StorageOperand):
        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileValueAdd):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileValueAdd):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2012-02-05  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        [CMAKE] Support javascriptcore test for EFL port. 
        https://bugs.webkit.org/show_bug.cgi?id=77425

        Reviewed by Daniel Bates.

        Efl and WinCE as well as Blackberry port are now using Cmake as its build system
        and they are share the make file to create jsc excutable. In order to run
        "run-javascriptcore-tests", EFL port needs to change jsc installation configuration
        with executable output directory(e.g. Programs). So, this patch change jsc installation
        configuration only for EFL port.

        * shell/CMakeLists.txt:

2012-02-04  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by Sam Weinig.

        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
            - Fix comment.

2012-02-04  Kalev Lember  <kalevlember@gmail.com>

        [GTK] CurrentTime: Reorder headers for win32
        https://bugs.webkit.org/show_bug.cgi?id=77808

        Reviewed by Martin Robinson.

        In GTK+ win32 port, monotonicallyIncreasingTime() implementation is
        based on g_get_monotonic_time(). Reorder headers to make sure glib.h
        gets included even when the platform is win32.

        CurrentTime.cpp: In function 'double WTF::monotonicallyIncreasingTime()':
        CurrentTime.cpp:321:53: error: 'g_get_monotonic_time' was not declared in this scope
        CurrentTime.cpp:322:1: warning: control reaches end of non-void function [-Wreturn-type]

        * wtf/CurrentTime.cpp:

2012-02-03  Anders Carlsson  <andersca@apple.com>

        Prefix the typedef in WTF_MAKE_FAST_ALLOCATED with underscores
        https://bugs.webkit.org/show_bug.cgi?id=77788

        Reviewed by Andreas Kling.

        The current typedef name, 'ThisIsHereToForceASemicolonAfterThisMacro', shows up when trying to 
        code-complete 'this' in Xcode. Prefix the typedef with two underscores to stop this from happening.

        * wtf/FastAllocBase.h:

2012-02-03  Rob Buis  <rbuis@rim.com>

        Fix alignment warnings in ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=55368

        Reviewed by Filip Pizlo.

        Use reinterpret_cast_ptr and static_cast to get rid of alignment issues in ARMv7 code.

        * heap/HandleTypes.h:
        (JSC::HandleTypes::getFromSlot):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::specializedSweep):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::forEachCell):
        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::get):
        (JSC::WriteBarrierBase::unvalidatedGet):

2012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        Build fix

        Unreviewed build fix

        Forgot to add a couple files.

        * heap/MarkedAllocator.cpp: Added.
        (JSC):
        (JSC::MarkedAllocator::tryAllocateHelper):
        (JSC::MarkedAllocator::tryAllocate):
        (JSC::MarkedAllocator::allocateSlowCase):
        (JSC::MarkedAllocator::allocateBlock):
        (JSC::MarkedAllocator::addBlock):
        (JSC::MarkedAllocator::removeBlock):
        * heap/MarkedAllocator.h: Added.
        (JSC):
        (DFG):
        (MarkedAllocator):
        (JSC::MarkedAllocator::cellSize):
        (JSC::MarkedAllocator::heap):
        (JSC::MarkedAllocator::setHeap):
        (JSC::MarkedAllocator::setCellSize):
        (JSC::MarkedAllocator::setMarkedSpace):
        (JSC::MarkedAllocator::MarkedAllocator):
        (JSC::MarkedAllocator::allocate):
        (JSC::MarkedAllocator::reset):
        (JSC::MarkedAllocator::zapFreeList):
        (JSC::MarkedAllocator::forEachBlock):

2012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        Refactor MarkedBlock::SizeClass into a separate class
        https://bugs.webkit.org/show_bug.cgi?id=77600

        Reviewed by Geoffrey Garen.

        We pulled SizeClass out into its own class, named MarkedAllocator, and gave it
        the responsibility of allocating objects from the collection of MarkedBlocks 
        that it manages. Also limited the amount of coupling to internal data fields 
        from other places, although it's mostly unavoidable in the JIT code.

        Eventually MarkedAllocator will implement various policies to do with object 
        management, e.g. whether or not to run destructors on objects that it manages.
        MarkedSpace will manage a collection of MarkedAllocators with varying policies,
        as it does now but to a larger extent. 

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
        * heap/Heap.cpp:
        (JSC::Heap::collect):
        (JSC::Heap::resetAllocators):
        * heap/Heap.h:
        (JSC::Heap::allocatorForObject):
        (Heap):
        * heap/MarkedAllocator.cpp: Added.
        (JSC):
        (JSC::MarkedAllocator::tryAllocateHelper):
        (JSC::MarkedAllocator::tryAllocate):
        (JSC::MarkedAllocator::allocateSlowCase):
        (JSC::MarkedAllocator::allocateBlock):
        (JSC::MarkedAllocator::addBlock):
        (JSC::MarkedAllocator::removeBlock):
        * heap/MarkedAllocator.h: Added.
        (JSC):
        (DFG):
        (MarkedAllocator):
        (JSC::MarkedAllocator::cellSize):
        (JSC::MarkedAllocator::heap):
        (JSC::MarkedAllocator::setHeap):
        (JSC::MarkedAllocator::setCellSize):
        (JSC::MarkedAllocator::setMarkedSpace):
        (JSC::MarkedAllocator::MarkedAllocator):
        (JSC::MarkedAllocator::allocate):
        (JSC::MarkedAllocator::reset):
        (JSC::MarkedAllocator::zapFreeList):
        (JSC::MarkedAllocator::forEachBlock):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::resetAllocators):
        (JSC::MarkedSpace::canonicalizeCellLivenessData):
        (JSC::TakeIfUnmarked::operator()):
        * heap/MarkedSpace.h:
        (MarkedSpace):
        (JSC::MarkedSpace::allocatorFor):
        (JSC::MarkedSpace::allocate):
        (JSC::MarkedSpace::forEachBlock):
        (JSC::MarkedSpace::didAddBlock):
        (JSC::MarkedSpace::didConsumeFreeList):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicJSObject):

2012-02-03  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Replace GNU linker script for exports with export macros in WTF/JSC
        https://bugs.webkit.org/show_bug.cgi?id=77723

        Reviewed by Tor Arne Vestbø.

        * wtf/Platform.h: Enable use of export macros.

2012-02-02  Hajime Morrita  <morrita@chromium.org>

        Unreviewed, removing an unnecessarily JS_PRIVATE_EXPORT annotation.

        * interpreter/Interpreter.h:
        (Interpreter):

2012-01-31  Hajime Morrita  <morrita@chromium.org>

        [Mac] eliminate JavaScriptCore.exp
        https://bugs.webkit.org/show_bug.cgi?id=72854

        Reviewed by Darin Adler.

        - Removed exp files and corresponding makefile entries.
        - Changed the build configuration no to use exp file.

        * Configurations/JavaScriptCore.xcconfig:
        * DerivedSources.make:
        * JavaScriptCore.JSVALUE32_64only.exp: Removed.
        * JavaScriptCore.JSVALUE64only.exp: Removed.
        * JavaScriptCore.exp: Removed.
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/Platform.h:

2012-02-02  Benjamin Poulain  <bpoulain@apple.com>

        Running a Web Worker on about:blank crashes the interpreter
        https://bugs.webkit.org/show_bug.cgi?id=77593

        Reviewed by Michael Saboff.

        The method Interpreter::execute() was crashing on empty programs because
        the assumption is made the source is not null.

        This patch shortcut the execution when the String is null to avoid invalid
        memory access.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):

2012-02-02  Kalev Lember  <kalevlember@gmail.com>

        [GTK] Use win32 native threading
        https://bugs.webkit.org/show_bug.cgi?id=77676

        Reviewed by Martin Robinson.

        r97269 switched from glib threading to pthreads, breaking win32 GTK+.
        This is a follow up, removing some leftovers in ThreadSpecific.h and
        switching win32 to use the native threading in ThreadingWin.cpp.

        * GNUmakefile.list.am: Compile in win32 native threading support
        * wtf/ThreadSpecific.h: Remove GTK+-specific definitions
        (ThreadSpecific):
        (WTF::::destroy):

2012-02-02  Filip Pizlo  <fpizlo@apple.com>

        retrieveCallerFromVMCode should call trueCallerFrame
        https://bugs.webkit.org/show_bug.cgi?id=77684

        Reviewed by Oliver Hunt.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::retrieveCallerFromVMCode):

2012-02-02  Kalev Lember  <kalevlember@gmail.com>

        [GTK] Implement current executable path finding for win32
        https://bugs.webkit.org/show_bug.cgi?id=77677

        Reviewed by Martin Robinson.

        The WTF helper for getting the binary path that was added in r101710
        left out the win32 implementation. Fix this.

        * wtf/gobject/GlibUtilities.cpp:
        (getCurrentExecutablePath):

2012-02-02  Filip Pizlo  <fpizlo@apple.com>

        Throwing away bytecode and then reparsing during DFG optimization is just
        plain wrong and makes things crash
        https://bugs.webkit.org/show_bug.cgi?id=77680
        <rdar://problem/10798490>

        Reviewed by Oliver Hunt.

        This is the minimal surgical fix: it removes the code that triggered bytecode
        throw-away. Once we're confident that this is a good idea, we can kill all of
        the code that implements the feature.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::discardBytecodeLater):
        (JSC::CodeBlock::addValueProfile):
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):

2012-02-02  Filip Pizlo  <fpizlo@apple.com>

        Release build debugging should be easier
        https://bugs.webkit.org/show_bug.cgi?id=77669

        Reviewed by Gavin Barraclough.

        * assembler/ARMAssembler.h:
        (ARMAssembler):
        (JSC::ARMAssembler::debugOffset):
        * assembler/ARMv7Assembler.h:
        (ARMv7Assembler):
        (JSC::ARMv7Assembler::debugOffset):
        (ARMInstructionFormatter):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
        * assembler/AbstractMacroAssembler.h:
        (AbstractMacroAssembler):
        (JSC::AbstractMacroAssembler::debugOffset):
        * assembler/AssemblerBuffer.h:
        (AssemblerBuffer):
        (JSC::AssemblerBuffer::debugOffset):
        * assembler/LinkBuffer.h:
        (LinkBuffer):
        (JSC::LinkBuffer::debugSize):
        * assembler/MIPSAssembler.h:
        (MIPSAssembler):
        (JSC::MIPSAssembler::debugOffset):
        * assembler/X86Assembler.h:
        (X86Assembler):
        (JSC::X86Assembler::debugOffset):
        (X86InstructionFormatter):
        (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
        * bytecode/CodeBlock.cpp:
        (JSC):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        * bytecode/CodeOrigin.h:
        (CodeOrigin):
        (JSC):
        (JSC::CodeOrigin::inlineStack):
        * bytecode/DFGExitProfile.h:
        (JSC::DFG::exitKindToString):
        * bytecode/DataFormat.h:
        (JSC::dataFormatToString):
        * bytecode/PredictedType.cpp:
        (JSC):
        (JSC::predictionToString):
        * bytecode/PredictedType.h:
        (JSC):
        * bytecode/ValueRecovery.h:
        (ValueRecovery):
        (JSC::ValueRecovery::dump):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC):
        (JSC::BytecodeGenerator::setDumpsGeneratedCode):
        (JSC::BytecodeGenerator::dumpsGeneratedCode):
        (JSC::BytecodeGenerator::generate):
        * dfg/DFGAbstractValue.h:
        (StructureAbstractValue):
        (JSC::DFG::StructureAbstractValue::dump):
        (AbstractValue):
        (JSC::DFG::AbstractValue::dump):
        * dfg/DFGAssemblyHelpers.h:
        (DFG):
        (AssemblyHelpers):
        (JSC::DFG::AssemblyHelpers::debugCall):
        * dfg/DFGFPRInfo.h:
        (FPRInfo):
        (JSC::DFG::FPRInfo::debugName):
        * dfg/DFGGPRInfo.h:
        (GPRInfo):
        (JSC::DFG::GPRInfo::debugName):
        * dfg/DFGGraph.cpp:
        (DFG):
        * dfg/DFGGraph.h:
        (Graph):
        * dfg/DFGNode.h:
        (DFG):
        (JSC::DFG::arithNodeFlagsAsString):
        (Node):
        (JSC::DFG::Node::hasIdentifier):
        (JSC::DFG::Node::dumpChildren):
        * dfg/DFGOSRExit.cpp:
        (DFG):
        (JSC::DFG::OSRExit::dump):
        * dfg/DFGOSRExit.h:
        (OSRExit):
        * runtime/JSValue.cpp:
        (JSC):
        (JSC::JSValue::description):
        * runtime/JSValue.h:
        (JSValue):
        * wtf/BitVector.cpp:
        (WTF):
        (WTF::BitVector::dump):
        * wtf/BitVector.h:
        (BitVector):

2012-02-02  Oliver Hunt  <oliver@apple.com>

        Getters and setters cause line numbers in errors/console.log to be offset for the whole file
        https://bugs.webkit.org/show_bug.cgi?id=77675

        Reviewed by Timothy Hatcher.

        Our default literal parsing logic doesn't handle the extra work required for
        getters and setters.  When it encounters one, it rolls back the lexer and 
        then switches to a more complete parsing function.  Unfortunately it was only
        winding back the character position, and was ignoring the line number and
        other lexer data.  This led to every getter and setter causing the line number
        to be incorrectly incremented leading to increasingly incorrect numbers for
        the rest of the file.

        * parser/Parser.cpp:
        (JSC::::parseObjectLiteral):

2012-02-02  Andy Wingo  <wingo@igalia.com>

        Fix type punning warning in HashTable.h debug builds
        https://bugs.webkit.org/show_bug.cgi?id=77422

        Reviewed by Gavin Barraclough.

        * wtf/HashTable.h (WTF::HashTable::checkKey): Fix type punning
        warning appearing in debug builds with gcc-4.6.2 on GNU/Linux.

2012-02-01  Michael Saboff  <msaboff@apple.com>

        Yarr crash with regexp replace
        https://bugs.webkit.org/show_bug.cgi?id=67454

        Reviewed by Gavin Barraclough.

        Properly handle the case of a back reference to an unmatched
        subpattern by always matching without consuming any characters.

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::matchBackReference):
        (JSC::Yarr::Interpreter::backtrackBackReference):

2012-02-01  Gavin Barraclough  <barraclough@apple.com>

        calling function on catch block scope containing an eval result in wrong this value being passed
        https://bugs.webkit.org/show_bug.cgi?id=77581

        Reviewed by Oliver Hunt.

        javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); }

        * bytecompiler/NodesCodegen.cpp:
        (JSC::TryNode::emitBytecode):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createTryStatement):
        * parser/NodeConstructors.h:
        (JSC::TryNode::TryNode):
        * parser/Nodes.h:
        (TryNode):
        * parser/Parser.cpp:
        (JSC::::parseTryStatement):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createTryStatement):
        * runtime/JSObject.h:
        (JSObject):
        (JSC::JSObject::isStaticScopeObject):
        (JSC):

2012-02-01  Oliver Hunt  <oliver@apple.com>

        Add support for inferred function names
        https://bugs.webkit.org/show_bug.cgi?id=77579

        Reviewed by Gavin Barraclough.

        Add new "inferred" names to function expressions, getters, and setters.
        This property is not exposed to JS, so is only visible in the debugger
        and profiler.

        * JavaScriptCore.exp:
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::makeFunction):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::calculatedFunctionName):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createAssignResolve):
        (JSC::ASTBuilder::createGetterOrSetterProperty):
        (JSC::ASTBuilder::createProperty):
        (JSC::ASTBuilder::makeAssignNode):
        * parser/Nodes.h:
        (JSC::FunctionBodyNode::setInferredName):
        (JSC::FunctionBodyNode::inferredName):
        (FunctionBodyNode):
        * profiler/Profiler.cpp:
        (JSC):
        (JSC::Profiler::createCallIdentifier):
        (JSC::createCallIdentifierFromFunctionImp):
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::FunctionExecutable):
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::create):
        (JSC::FunctionExecutable::inferredName):
        (FunctionExecutable):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::calculatedDisplayName):
        (JSC):
        (JSC::getCalculatedDisplayName):
        * runtime/JSFunction.h:
        (JSC):

2012-02-01  Filip Pizlo  <fpizlo@apple.com>

        DFG should fold double-to-int conversions
        https://bugs.webkit.org/show_bug.cgi?id=77532

        Reviewed by Oliver Hunt.
        
        Performance neutral on major benchmarks. But it makes calling V8's
        Math.random() 4x faster.

        * bytecode/CodeBlock.cpp:
        (JSC):
        (JSC::CodeBlock::addOrFindConstant):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addConstant):
        (CodeBlock):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::toInt32):
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::getJSConstantForValue):
        (JSC::DFG::ByteCodeParser::isInt32Constant):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::addShouldSpeculateInteger):
        (Graph):
        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
        (JSC::DFG::Propagator::fixupNode):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileAdd):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/JSValueInlineMethods.h:
        (JSC::JSValue::asDouble):

2012-02-01  Filip Pizlo  <fpizlo@apple.com>

        DFG graph dump for GetScopedVar should show the correct prediction
        https://bugs.webkit.org/show_bug.cgi?id=77530

        Reviewed by Geoff Garen.
        
        GetScopedVar has a heap prediction, not a variable prediction. But it does
        have a variable. Hence we need to check for heap predictions before checking
        for variable predictions.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):

2012-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>

        Replace JSArray destructor with finalizer
        https://bugs.webkit.org/show_bug.cgi?id=77488

        Reviewed by Geoffrey Garen.

        * JavaScriptCore.exp:
        * runtime/JSArray.cpp:
        (JSC::JSArray::finalize): Added finalizer.
        (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps.
        (JSC):
        (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps.
        (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode 
        because the old name was confusing because we could have a sparse array that never 
        called enterSparseMode.
        (JSC::JSArray::defineOwnNumericProperty):
        (JSC::JSArray::setLengthWritable):
        (JSC::JSArray::putByIndexBeyondVectorLength):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::sort):
        (JSC::JSArray::compactForSorting):
        * runtime/JSArray.h:
        (JSArray):

2012-02-01  Andy Wingo  <wingo@igalia.com>

        Refactor identifier resolution in BytecodeGenerator
        https://bugs.webkit.org/show_bug.cgi?id=76285

        Reviewed by Geoffrey Garen.

        * bytecompiler/BytecodeGenerator.h:
        (JSC::ResolveResult): New class, to describe the storage
        location corresponding to an identifier in a program.
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::resolve): New function, replacing
        findScopedProperty.
        (JSC::BytecodeGenerator::resolveConstDecl): New function,
        encapsulating what ConstDeclNode::emitBytecode used to do.
        (JSC::BytecodeGenerator::emitGetStaticVar):
        (JSC::BytecodeGenerator::emitPutStaticVar): New functions,
        corresponding to the old emitGetScopedVar and emitPutScopedVar.
        (JSC::BytecodeGenerator::registerFor): Remove version that took an
        Identifier&; replaced by ResolveResult::local().
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveBase):
        (JSC::BytecodeGenerator::emitResolveBaseForPut):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitResolveWithThis): Change to accept a
        "resolveResult" argument.  This is more clear, and reduces the
        amount of double analysis happening at compile-time.
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ResolveNode::emitBytecode):
        (JSC::EvalFunctionCallNode::emitBytecode):
        (JSC::FunctionCallResolveNode::emitBytecode):
        (JSC::PostfixResolveNode::emitBytecode):
        (JSC::DeleteResolveNode::emitBytecode):
        (JSC::TypeOfResolveNode::emitBytecode):
        (JSC::PrefixResolveNode::emitBytecode):
        (JSC::ReadModifyResolveNode::emitBytecode):
        (JSC::AssignResolveNode::emitBytecode):
        (JSC::ConstDeclNode::emitCodeSingle):
        (JSC::ForInNode::emitBytecode): Refactor to use the new
        ResolveResult structure.

2012-02-01  Csaba Osztrogonác  <ossy@webkit.org>

        Implement Error.stack
        https://bugs.webkit.org/show_bug.cgi?id=66994

        Unreviewed, rolling out r106407.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/AbstractPC.cpp:
        (JSC::AbstractPC::AbstractPC):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::throwException):
        * interpreter/Interpreter.h:
        (JSC):
        (Interpreter):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        * parser/Parser.h:
        (JSC::::parse):
        * runtime/CommonIdentifiers.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/Error.h:
        (JSC):

2012-01-31  Hajime Morrita  <morrita@chromium.org>

        Add missing JS_PRIVATE_EXPORTs
        https://bugs.webkit.org/show_bug.cgi?id=77507

        Reviewed by Kevin Ollivier.

        * heap/MarkedSpace.h:
        (MarkedSpace):
        * interpreter/Interpreter.h:
        (Interpreter):
        * runtime/JSValue.h:
        (JSValue):
        * wtf/text/AtomicString.h:
        (WTF::AtomicString::add):
        * wtf/text/WTFString.h:
        (WTF):

2012-01-31  Geoffrey Garen  <ggaren@apple.com>

        Stop using -fomit-frame-pointer
        https://bugs.webkit.org/show_bug.cgi?id=77403

        Reviewed by Filip Pizlo.
        
        JavaScriptCore is too fast. I'm just the man to fix it.

        * Configurations/JavaScriptCore.xcconfig:

2012-01-31  Michael Saboff  <msaboff@apple.com>

        StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
        https://bugs.webkit.org/show_bug.cgi?id=76647

        Reviewed by Darin Adler.

        Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manor similar
        to stringProtoFuncToLowerCase().  Fixed StringImpl::upper() to handle to special
        cases.  One case is s-sharp (0xdf) which converts to "SS".  The other case is 
        for characters which become 16 bit values when converted to upper case.  For
        those, we up convert the the source string and use the 16 bit path.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncToUpperCase):
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::upper):
        * wtf/unicode/CharacterNames.h:
        (smallLetterSharpS): New constant

2012-01-31  Oliver Hunt  <oliver@apple.com>

        Remove unneeded sourceId property
        https://bugs.webkit.org/show_bug.cgi?id=77495

        Reviewed by Filip Pizlo.

        sourceId isn't used anymore, so we'll just remove it.

        * runtime/Error.cpp:
        (JSC):
        (JSC::addErrorInfo):
        (JSC::hasErrorInfo):

2012-01-31  Oliver Hunt  <oliver@apple.com>

        Implement Error.stack
        https://bugs.webkit.org/show_bug.cgi?id=66994

        Reviewed by Gavin Barraclough.

        Original patch by Juan Carlos Montemayor Elosua:
            This patch utilizes topCallFrame to create a stack trace when
            an error is thrown. Users will also be able to use the stack()
            command in jsc to get arrays with stack trace information.

        Modified to be correct on ToT, with a variety of correctness,
        performance, and security improvements.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.cpp:
        (JSC::getCallerLine):
        (JSC::getSourceURLFromCallFrame):
        (JSC::getStackFrameCodeType):
        (JSC::Interpreter::getStackTrace):
        (JSC::Interpreter::throwException):
        * interpreter/Interpreter.h:
        (JSC::StackFrame::toString):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionJSCStack):
        * parser/Parser.h:
        (JSC::Parser::parse):
        * runtime/CommonIdentifiers.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/Error.h:

2012-01-31  Scott Graham  <scottmg@chromium.org>

        [Chromium] Remove references to gyp cygwin build target
        https://bugs.webkit.org/show_bug.cgi?id=77253

        Reviewed by Julien Chaffraix.

        Target dependency is no longer required, it's done earlier in the
        build process.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-01-31  Michael Saboff  <msaboff@apple.com>

        ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor
        https://bugs.webkit.org/show_bug.cgi?id=77443

        Reviewed by Gavin Barraclough.

        Removed failing ASSERT() and thus destructor.  The ASSERT isn't needed.
        We are hitting it in the YARR JIT case where we bail out and go to the
        interpreter with a partially JIT'ed function.  Since we haven't linked
        the JIT'ed code, there is likely to be some unresolved jumps in the vector
        when the ARMv7Assembler destructor is called.  For the case where we
        complete the JIT process, we clear the vector at the end of
        LinkBuffer::linkCode (LinkBuffer.h:292).

        * assembler/ARMv7Assembler.h:
        (ARMv7Assembler):

2012-01-31  Anders Carlsson  <andersca@apple.com>

        Vector<T>::operator== shouldn't require T to have operator!=
        https://bugs.webkit.org/show_bug.cgi?id=77448

        Reviewed by Andreas Kling.

        Change VectorComparer::compare to use !(a == b) instead of a != b since
        it makes more sense for Vector::operator== to use the element's operator==.

        * wtf/Vector.h:

2012-01-30  Oliver Hunt  <oliver@apple.com>

        get_by_val_arguments is broken in the interpreter
        https://bugs.webkit.org/show_bug.cgi?id=77389

        Reviewed by Gavin Barraclough.

        When get_by_val had wad a value profile added, the same slot was not added to
        get_by_val_arguments.  This broke the interpreter as the interpreter falls
        back on its regular get_by_val implementation.

        No tests are added as the interpreter is fairly broken in its
        current state (multiple tests fail due to this bug).

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        (JSC):
        ():
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitGetArgumentByVal):

2012-01-30  Oliver Hunt  <oliver@apple.com>

        Unexpected syntax error
        https://bugs.webkit.org/show_bug.cgi?id=77340

        Reviewed by Gavin Barraclough.

        Function calls and new expressions have the same semantics for
        assignment, so should simply share their lhs handling.

        * parser/Parser.cpp:
        (JSC::::parseMemberExpression):

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed ARMv7 build fix.

        * tools/CodeProfiling.cpp:
        (JSC):
        (JSC::setProfileTimer):
        (JSC::CodeProfiling::begin):
        (JSC::CodeProfiling::end):

2012-01-30  David Levin  <levin@chromium.org>

        Using OS(WIN) or OS(MAC) should cause a build error.
        https://bugs.webkit.org/show_bug.cgi?id=77162

        Reviewed by Darin Adler.

        * wtf/Platform.h: Expand them into something that will
         cause a compile error.

2012-01-30  Yong Li  <yoli@rim.com>

        [BlackBerry] OS(QNX) also has TM_GMTOFF, TM_ZONE, and TIMEGM
        https://bugs.webkit.org/show_bug.cgi?id=77360

        Reviewed by Rob Buis.

        Turn on HAVE(TM_GMTOFF), HAVE(TM_ZONE), and HAVE(TIMEGM)
        for OS(QNX).

        * wtf/Platform.h:

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        Speculative Windows build fix.

        * assembler/MacroAssemblerCodeRef.h:
        (FunctionPtr):

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=77163
        MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS)

        Rubber stamped by Geoff Garen

        * assembler/MacroAssemblerCodeRef.h:

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed build fix for interpreter builds.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * tools/CodeProfile.cpp:
        (JSC::CodeProfile::sample):

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed build fix following bug#76855

        * JavaScriptCore.exp:

2012-01-30  Michael Saboff  <msaboff@apple.com>

        CaseFoldingHash::hash() doesn't handle 8 bit strings directly
        https://bugs.webkit.org/show_bug.cgi?id=76652

        Reviewed by Andreas Kling.

        * wtf/text/StringHash.h:
        (WTF::CaseFoldingHash::hash): Added 8 bit string code path.

2012-01-30  Michael Saboff  <msaboff@apple.com>

        stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement
        https://bugs.webkit.org/show_bug.cgi?id=76651

        Reviewed by Geoffrey Garen.

        Made local function substituteBackreferencesSlow a template function
        based on character width.  Cleaned up getCharacters() in both UString
        and StringImpl.  Changed getCharacters<UChar> to up convert an 8 bit
        string to 16 bits if necessary.

        * runtime/StringPrototype.cpp:
        (JSC::substituteBackreferencesSlow):
        (JSC::substituteBackreferences):
        * runtime/UString.h:
        (JSC::LChar):
        (JSC::UChar):
        * wtf/text/StringImpl.h:
        (WTF::UChar):

2012-01-30  Gavin Barraclough  <barraclough@apple.com>

        Clean up putDirect
        https://bugs.webkit.org/show_bug.cgi?id=76232

        Reviewed by Sam Weinig.

        Part 3 - merge op_put_getter & op_put_setter.

        Putting these separately is inefficient (and makes future optimiation,
        e.g. making GetterSetter immutable) harder. Change to emit a single
        op_put_getter_setter bytecode op. Ultimately we should probably be
        able to merge this with put direct, to create a common op to initialize
        object literal properties.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        (JSC):
        ():
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitPutGetterSetter):
        * bytecompiler/BytecodeGenerator.h:
        (BytecodeGenerator):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        (JIT):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_put_getter_setter):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_getter_setter):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        ():
        * runtime/JSObject.cpp:
        (JSC::JSObject::putDirectVirtual):
        (JSC::JSObject::putDirectAccessor):
        (JSC):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        ():
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirect):
        (JSC::JSObject::putDirectWithoutTransition):

2012-01-30  Michael Saboff  <msaboff@apple.com>

        Dromaeo tests call parseSimpleLengthValue() on 8 bit strings
        https://bugs.webkit.org/show_bug.cgi?id=76649

        Reviewed by Geoffrey Garen.

        * JavaScriptCore.exp: Added export for charactersToDouble.

2012-01-30  Michael Saboff  <msaboff@apple.com>

        WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding.
        https://bugs.webkit.org/show_bug.cgi?id=76648

        Reviewed by Geoffrey Garen.

        Added a new overloaded append member that takes a String& argument, an offest
        and a length to do direct sub string appending to a StringBuilder.

        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::append):

2012-01-29  Zoltan Herczeg  <zherczeg@webkit.org>

        Custom written CSS lexer
        https://bugs.webkit.org/show_bug.cgi?id=70107

        Reviewed by Antti Koivisto and Oliver Hunt.

        Add new helper functions for the custom written CSS lexer.

        * wtf/ASCIICType.h:
        (WTF::toASCIILowerUnchecked):
        (WTF):
        (WTF::isASCIIAlphaCaselessEqual):

2012-01-29  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION (r105576-r105582): Web Inspector Crash in JSC::JSValue::toString(JSC::ExecState*) const
        https://bugs.webkit.org/show_bug.cgi?id=77146
        <rdar://problem/10770586>

        Reviewed by Oliver Hunt.
        
        The old JIT expects that the result of the last operation is in the lastResultRegister.  The DFG JIT is
        designed to correctly track the lastResultRegister by looking at SetLocal nodes.  However, when the DFG
        JIT inlines a code block, it forgets that the inlined code block's result would have been placed in the
        lastResultRegister.  Hence if we OSR exit on the first node following the end of an inlined code block
        that had a return value, and that first node uses the return value, the old JIT will get massively
        confused.  This patch takes a surgical approach: instead of making the DFG smarter, it makes the old
        JIT slightly dumber.

        * jit/JITCall.cpp:
        (JSC::JIT::emit_op_call_put_result):

2012-01-29  Filip Pizlo  <fpizlo@apple.com>

        Build fix for Mac non-x64 platforms.

        * tools/CodeProfiling.cpp:
        (JSC):

2012-01-28  Gavin Barraclough  <barraclough@apple.com>

        Reserve 'let'
        https://bugs.webkit.org/show_bug.cgi?id=77293

        Rubber stamped by Oliver Hunt.

        'let' may become a keyword in ES6.  We're going to try experimentally reserving it,
        to see if this breaks the web.

        * parser/Keywords.table:

2012-01-27  Gavin Barraclough  <barraclough@apple.com>

        Implement a JIT-code aware sampling profiler for JSC
        https://bugs.webkit.org/show_bug.cgi?id=76855

        Reviewed by Oliver Hunt.

        To enable the profiler, set the JSC_CODE_PROFILING environment variable to
        1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively
        trace all samples).

        The profiler requires -fomit-frame-pointer to be removed from the build flags.

        * JavaScriptCore.exp:
            - Removed an export.
        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Added new files
        * bytecode/CodeBlock.cpp:
            - For baseline codeblocks, cache the result of canCompileWithDFG.
        * bytecode/CodeBlock.h:
            - For baseline codeblocks, cache the result of canCompileWithDFG.
        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::initializeAllocator):
            - Notify the profiler when the allocator is created.
        (JSC::ExecutableAllocator::allocate):
            - Inform the allocated of the ownerUID.
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::initializeAllocator):
            - Notify the profiler when the allocator is created.
        (JSC::ExecutableAllocator::allocate):
            - Inform the allocated of the ownerUID.
        * jit/JITStubs.cpp:
            - If profiling, don't mask the return address in JIT code.
              (We do so to provide nicer backtraces in debug builds).
        * runtime/Completion.cpp:
        (JSC::evaluate):
            - Notify the profiler of script evaluations.
        * tools: Added.
        * tools/CodeProfile.cpp: Added.
        (JSC::symbolName):
            - Helper function to get the name of a symbol in the framework.
        (JSC::truncateTrace):
            - Helper to truncate traces into methods know to have uninformatively deep stacks.
        (JSC::CodeProfile::sample):
            - Record a stack trace classifying samples.
        (JSC::CodeProfile::report):
            - {Print profiler output.
        * tools/CodeProfile.h: Added.
            - new class, captures a set of samples associated with an evaluated script,
              and nested to record samples from subscripts.
        * tools/CodeProfiling.cpp: Added.
        (JSC::CodeProfiling::profilingTimer):
            - callback fired then a timer event occurs.
        (JSC::CodeProfiling::notifyAllocator):
            - called when the executable allocator is constructed.
        (JSC::CodeProfiling::getOwnerUIDForPC):
            - helper to lookup the codeblock from an address in JIT code
        (JSC::CodeProfiling::begin):
            - enter a profiling scope.
        (JSC::CodeProfiling::end):
            - exit a profiling scope.
        * tools/CodeProfiling.h: Added.
            - new class, instantialed from Completion to define a profiling scope.
        * tools/ProfileTreeNode.h: Added.
            - new class, used to construct a tree of samples.
        * tools/TieredMMapArray.h: Added.
            - new class, a malloc-free vector (can be used while the main thread is suspended,
              possibly holding the malloc heap lock).
        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
        (WTF::MetaAllocator::allocate):
            - Allow allocation handles to track information about their owner.
        * wtf/MetaAllocator.h:
        (MetaAllocator):
            - Allow allocation handles to track information about their owner.
        * wtf/MetaAllocatorHandle.h:
        (MetaAllocatorHandle):
        (WTF::MetaAllocatorHandle::ownerUID):
            - Allow allocation handles to track information about their owner.
        * wtf/OSAllocator.h:
        (WTF::OSAllocator::reallocateCommitted):
            - reallocate an existing, committed memory allocation.

2012-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r106187.
        http://trac.webkit.org/changeset/106187
        https://bugs.webkit.org/show_bug.cgi?id=77276

        The last rollout was a false charge. (Requested by morrita on
        #webkit).

        * runtime/ExceptionHelpers.h:
        (InterruptedExecutionError):
        * runtime/JSBoundFunction.h:
        (JSBoundFunction):
        * runtime/RegExp.h:
        (RegExp):
        * runtime/RegExpMatchesArray.h:
        (RegExpMatchesArray):

2012-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r106151.
        http://trac.webkit.org/changeset/106151
        https://bugs.webkit.org/show_bug.cgi?id=77275

        may break windows build (Requested by morrita on #webkit).

        * runtime/ExceptionHelpers.h:
        (InterruptedExecutionError):
        * runtime/JSBoundFunction.h:
        (JSBoundFunction):
        * runtime/RegExp.h:
        (RegExp):
        * runtime/RegExpMatchesArray.h:
        (RegExpMatchesArray):

2012-01-28  Filip Pizlo  <fpizlo@apple.com>

        GC invoked while doing an old JIT property storage reallocation may lead
        to an object that refers to a dead structure
        https://bugs.webkit.org/show_bug.cgi?id=77273
        <rdar://problem/10770565>

        Reviewed by Gavin Barraclough.
        
        The put_by_id transition was already saving the old structure by virtue of
        having the object on the stack, so that wasn't going to get deleted. But the
        new structure was unprotected in the transition. I've now changed the
        transition code to save the new structure, ensuring that the GC will know it
        to be marked if invoked from within put_by_id_transition_realloc.

        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::privateCompilePutByIdTransition):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        (JSC):
        ():

2012-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r106167.
        http://trac.webkit.org/changeset/106167
        https://bugs.webkit.org/show_bug.cgi?id=77264

        broke LayoutTests/fast/js/string-capitalization.html
        (Requested by msaboff on #webkit).

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncToLowerCase):
        (JSC::stringProtoFuncToUpperCase):
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::upper):

2012-01-27  Filip Pizlo  <fpizlo@apple.com>

        Build fix for interpreter platforms.

        * interpreter/AbstractPC.cpp:
        (JSC::AbstractPC::AbstractPC):

2012-01-27  Michael Saboff  <msaboff@apple.com>

        StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
        https://bugs.webkit.org/show_bug.cgi?id=76647

        Reviewed by Geoffrey Garen.

        Changed stringProtoFuncToUpperCase to call StringImpl::upper() is a manor similar
        to stringProtoFuncToLowerCase().  Fixed StringImpl::upper() to handle the two
        8 bit characters that when converted to upper case become 16 bit characters.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncToLowerCase): Removed extra trailing whitespace.
        (JSC::stringProtoFuncToUpperCase):
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::upper):

2012-01-27  Hajime Morita  <morrita@google.com>

        [JSC] ThunkGenerators.cpp should hide its asm-defined symbols
        https://bugs.webkit.org/show_bug.cgi?id=77244

        Reviewed by Filip Pizlo.

        * jit/ThunkGenerators.cpp: Added HIDE_SYMBOLS()
        * wtf/InlineASM.h: Moved some duplicated macros from ThunkGenerators.cpp

2012-01-27  Simon Hausmann  <simon.hausmann@nokia.com>

        [JSC] Asm-originated symbols should be marked as hidden
        https://bugs.webkit.org/show_bug.cgi?id=77150

        Reviewed by Filip Pizlo.

        * dfg/DFGOperations.cpp: The HIDE_SYMBOLS macros were present in the CPU(ARM) preprocessor branches,
        but they were missing in the CPU(X86) and the CPU(X86_64) cases.

2012-01-27  MORITA Hajime  <morrita@google.com>

        [JSC] Some JS_EXPORTDATA may not be necessary.
        https://bugs.webkit.org/show_bug.cgi?id=77145

        Reviewed by Darin Adler.

        Removed JS_EXPORTDATA attributes whose attributing symbols are
        not exported on Mac port.
        
        * runtime/ExceptionHelpers.h:
        (InterruptedExecutionError):
        * runtime/JSBoundFunction.h:
        (JSBoundFunction):
        * runtime/RegExp.h:
        (RegExp):
        * runtime/RegExpMatchesArray.h:
        (RegExpMatchesArray):

2012-01-27  MORITA Hajime  <morrita@google.com>

        [WTF] WTFString.h has some extra JS_EXPORT_PRIVATEs
        https://bugs.webkit.org/show_bug.cgi?id=77113

        Reviewed by Darin Adler.

        * wtf/text/WTFString.h: Removed some WTF_EXPORT_PRIVATE attributes which we don't need to export.

2012-01-27  Zeno Albisser  <zeno@webkit.org>

        [Qt][Mac] Build fails after adding ICU support (r105997).
        https://bugs.webkit.org/show_bug.cgi?id=77118

        Use Apple code path for unicode date formats on mac.

        Reviewed by Tor Arne Vestbø.

        * runtime/DatePrototype.cpp:
        ():

2012-01-27  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Add a GKeyFile especialization to GOwnPtr
        https://bugs.webkit.org/show_bug.cgi?id=77191

        Reviewed by Martin Robinson.

        * wtf/gobject/GOwnPtr.cpp:
        (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile.
        * wtf/gobject/GOwnPtr.h: Add GKeyFile template.
        * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile.

2012-01-25  Yury Semikhatsky  <yurys@chromium.org>

        Web Inspector: should be possible to open function declaration from script popover
        https://bugs.webkit.org/show_bug.cgi?id=76913

        Added display function name and source location to the popover in scripts panel.
        Now when a function is hovered user can navigate to its definition.

        Reviewed by Pavel Feldman.

        * JavaScriptCore/JavaScriptCore.exp
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/JSFunction.h:
        (JSFunction):

2012-01-26  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior.
        
        * runtime/DatePrototype.cpp:
        ():

2012-01-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        Merge AllocationSpace into MarkedSpace
        https://bugs.webkit.org/show_bug.cgi?id=77116

        Reviewed by Geoffrey Garen.

        Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to 
        MarkedSpace allocation.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * heap/AllocationSpace.cpp: Removed.
        * heap/AllocationSpace.h: Removed.
        * heap/BumpSpace.h:
        (BumpSpace):
        * heap/Heap.h:
        (JSC::Heap::objectSpace):
        (Heap):
        ():
        * heap/HeapBlock.h:
        ():
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::tryAllocateHelper):
        (JSC):
        (JSC::MarkedSpace::tryAllocate):
        (JSC::MarkedSpace::allocateSlowCase):
        (JSC::MarkedSpace::allocateBlock):
        (JSC::MarkedSpace::freeBlocks):
        (TakeIfUnmarked):
        (JSC::TakeIfUnmarked::TakeIfUnmarked):
        (JSC::TakeIfUnmarked::operator()):
        (JSC::TakeIfUnmarked::returnValue):
        (JSC::MarkedSpace::shrink):
        (GatherDirtyCells):
        (JSC::GatherDirtyCells::returnValue):
        (JSC::GatherDirtyCells::GatherDirtyCells):
        (JSC::GatherDirtyCells::operator()):
        (JSC::MarkedSpace::gatherDirtyCells):
        * heap/MarkedSpace.h:
        (MarkedSpace):
        (JSC::MarkedSpace::blocks):
        (JSC::MarkedSpace::forEachCell):
        (JSC):
        (JSC::MarkedSpace::allocate):

2012-01-26  Oliver Hunt  <oliver@apple.com>

        MSVC bug fix.
        <rdar://problem/10703671> MSVC generates bad code for enum compare.

        RS=Geoff

        Make bitfield large enough to work around MSVC's desire to make enums
        signed types.

        * bytecode/CallLinkInfo.h:
        (CallLinkInfo):

2012-01-26  Filip Pizlo  <fpizlo@apple.com>

        All DFG helpers that may call out to arbitrary JS code must know where they
        were called from due to inlining and call stack walking
        https://bugs.webkit.org/show_bug.cgi?id=77070
        <rdar://problem/10750834>

        Reviewed by Geoff Garen.
        
        Changed the DFG to always record a code origin index in the tag of the argument
        count (which we previously left blank for the benefit of LLInt, but is still
        otherwise unused by the DFG), so that if we ever need to walk the stack accurately
        we know where to start. In particular, if the current ExecState* points several
        semantic call frames away from the true semantic call frame because we had
        performed inlining, having the code origin index recorded means that we can reify
        those call frames as necessary to give runtime/library code an accurate view of
        the current JS state.
        
        This required several large but mechanical changes:
        
        - Calling a function from the DFG now plants a store32 instruction to store the
          code origin index. But the indices of code origins were previously picked by
          the DFG::JITCompiler after code generation completed. I changed this somewhat;
          even though the code origins are put into the CodeBlock after code gen, the
          code gen now knows a priori what their indices will be. Extensive assertions
          are in place to ensure that the two don't get out of sync, in the form of the
          DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls;
          those don't need the code origin index set in the call frame because we can get
          it by doing a binary search on the return PC.

        - Stack walking now always calls trueCallFrame() first before beginning the walk,
          since even the top call frame may be wrong. It still calls trueCallerFrame() as
          before to get to the next frame, though trueCallerFrame() is now mostly a
          wrapper around callerFrame()->trueCallFrame().
          
        - Because the mechanism for getting the code origin of a call frame is bimodal
          (either the call frame knows its code origin because the code origin index was
          set, or it's necessary to use the callee frame's return PC), I put in extra
          mechanisms to determine whether your caller, or your callee, corresponds to
          a call out of C++ code. Previously we just had the host call flag, but this is
          insufficient as it does not cover the case of someone calling JSC::call(). But
          luckily we can determine this just by looking at the return PC: if the return
          PC is in range of the ctiTrampiline, then two things are true: this call
          frame's PC will tell you nothing about where you came from in your caller, and
          the caller already knows where it's at because it must have set the code origin
          index (unless it's not DFG code, in which case we don't care because there is
          no inlining to worry about).
          
        - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's
          inlining code, so I fixed it.

        - Finally because I was tired of doing random #if's for checking if I should be
          passing around an Instruction* or a ReturnAddressPtr, I created a class called
          AbstractPC that holds whatever notion of a PC is appropriate for the current
          execution environment. It's designed to work gracefully even if both the
          interpreter and the JIT are compiled in, and should integrate nicely with the
          LLInt.
          
        This is neutral on all benchmarks and fixes some nasty corner-case regressions of
        evil code that uses combinations of getters/setters and function.arguments.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::codeOrigin):
        (CodeBlock):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleInlining):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (CallBeginToken):
        (JSC::DFG::CallBeginToken::CallBeginToken):
        (JSC::DFG::CallBeginToken::assertCodeOriginIndex):
        (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex):
        (DFG):
        (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
        (CallExceptionRecord):
        (JSC::DFG::JITCompiler::JITCompiler):
        (JITCompiler):
        (JSC::DFG::JITCompiler::nextCallBeginToken):
        (JSC::DFG::JITCompiler::beginCall):
        (JSC::DFG::JITCompiler::notifyCall):
        (JSC::DFG::JITCompiler::addExceptionCheck):
        (JSC::DFG::JITCompiler::addFastExceptionCheck):
        * dfg/DFGOperations.cpp:
        ():
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryBuildGetByIDList):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * interpreter/AbstractPC.cpp: Added.
        (JSC):
        (JSC::AbstractPC::AbstractPC):
        * interpreter/AbstractPC.h: Added.
        (JSC):
        (AbstractPC):
        (JSC::AbstractPC::AbstractPC):
        (JSC::AbstractPC::hasJITReturnAddress):
        (JSC::AbstractPC::jitReturnAddress):
        (JSC::AbstractPC::hasInterpreterReturnAddress):
        (JSC::AbstractPC::interpreterReturnAddress):
        (JSC::AbstractPC::isSet):
        (JSC::AbstractPC::operator!):
        ():
        * interpreter/CallFrame.cpp:
        (JSC):
        (JSC::CallFrame::trueCallFrame):
        (JSC::CallFrame::trueCallerFrame):
        * interpreter/CallFrame.h:
        (JSC::ExecState::abstractReturnPC):
        (JSC::ExecState::codeOriginIndexForDFGWithInlining):
        (ExecState):
        (JSC::ExecState::trueCallFrame):
        (JSC::ExecState::trueCallFrameFromVMCode):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::retrieveArgumentsFromVMCode):
        (JSC::Interpreter::retrieveCallerFromVMCode):
        (JSC::Interpreter::findFunctionCallFrameFromVMCode):
        * interpreter/Interpreter.h:
        (Interpreter):
        ():
        * jit/JITStubs.cpp:
        (JSC):
        ():
        * jit/JITStubs.h:
        (JSC):
        (JSC::returnAddressIsInCtiTrampoline):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::argumentsGetter):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::getOwnPropertyDescriptor):

2012-01-26  Peter Varga  <pvarga@webkit.org>

        Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG
        https://bugs.webkit.org/show_bug.cgi?id=77104

        Reviewed by Filip Pizlo.

        * dfg/DFGOperations.cpp:
        ():

2012-01-26  Michael Saboff  <msaboff@apple.com>

        String::latin1() should take advantage of 8 bit strings
        https://bugs.webkit.org/show_bug.cgi?id=76646

        Reviewed by Geoffrey Garen.

        * wtf/text/WTFString.cpp:
        (WTF::String::latin1): For 8 bit strings, use existing buffer
        without conversion.

2012-01-26  Michael Saboff  <msaboff@apple.com>

        Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions
        https://bugs.webkit.org/show_bug.cgi?id=76645

        Reviewed by Geoffrey Garen.

        * wtf/text/StringImpl.cpp:
        (WTF::equalIgnoringCase): New LChar version.
        (WTF::findInner): New helper function.
        (WTF::StringImpl::find): Added 8 bit path.
        (WTF::reverseFindInner): New helper funciton.
        (WTF::StringImpl::reverseFind): Added 8 bit path.
        (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path.
        * wtf/text/StringImpl.h:
        (WTF):

2012-01-26  Csaba Osztrogonác  <ossy@webkit.org>

        [Qt][Win] One more speculative buildfix after r105970.

        * JavaScriptCore.pri:

2012-01-26  Csaba Osztrogonác  <ossy@webkit.org>

        [Qt][Win] Speculative buildfix after r105970.

        * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC().

2012-01-26  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r105982.
        http://trac.webkit.org/changeset/105982
        https://bugs.webkit.org/show_bug.cgi?id=77090

        breaks the world (Requested by WildFox on #webkit).

        * wtf/MainThread.cpp:
        (WTF):
        * wtf/Platform.h:
        * wtf/mac/MainThreadMac.mm:
        (WTF):
        (WTF::registerGCThread):
        (WTF::isMainThreadOrGCThread):

2012-01-26  Roland Takacs  <takacs.roland@stud.u-szeged.hu>

        [Qt] GC should be parallel on Qt platform
        https://bugs.webkit.org/show_bug.cgi?id=73309

        Reviewed by Zoltan Herczeg.

        These changes made the parallel gc feature available for Qt port.
        The implementation of "registerGCThread" and "isMainThreadOrGCThread"
        is moved from MainThreadMac.mm to the common MainThread.cpp to make
        them available for other platforms.

        Measurement results:
        V8           speed-up:  1.071x as fast  [From: 746.1ms  To: 696.4ms ]
        WindScorpion speed-up:  1.082x as fast  [From: 3490.4ms To: 3226.7ms]
        V8 Splay     speed-up:  1.158x as fast  [From: 145.8ms  To: 125.9ms ]

        Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.

        * wtf/MainThread.cpp:
        (WTF):
        (WTF::registerGCThread):
        (WTF::isMainThreadOrGCThread):
        * wtf/Platform.h:
        * wtf/mac/MainThreadMac.mm:

2012-01-26  Andy Estes  <aestes@apple.com>

        REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types
        https://bugs.webkit.org/show_bug.cgi?id=77073

        Reviewed by Ryosuke Niwa.
        
        r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined.
        This should have been changed to OS(WINDOWS). This causes the
        preprocessor to strip out Win32 data type overrides for deleteOwnedPtr,
        causing allocations made by Win32 to be deleted by fastmalloc.

        * wtf/OwnPtrCommon.h:
        (WTF): Use OS(WINDOWS) instead of OS(WIN).

2012-01-25  Mark Rowe  <mrowe@apple.com>

        Attempted Mac build fix after r105939.

        * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS.
        It isn't used on these platforms and isn't available in the ICU headers
        for Mac.

2012-01-25  Mark Rowe  <mrowe@apple.com>

        Build in to an alternate location when USE_STAGING_INSTALL_PATH is set.

        <rdar://problem/10609417> Adopt USE_STAGING_INSTALL_PATH

        Reviewed by David Kilzer.

        * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains
        the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR
        to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
        * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on
        the normal framework location. This prevents an incorrect install name from being used when
        installing in to the staged frameworks directory.

2012-01-25  Eli Fidler  <efidler@rim.com>

        Implement Date.toLocaleString() using ICU
        https://bugs.webkit.org/show_bug.cgi?id=76714

        Reviewed by Darin Adler.

        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate):

2012-01-25  Hajime Morita  <morrita@google.com>

        ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom
        https://bugs.webkit.org/show_bug.cgi?id=76863

        Reviewed by Dimitri Glazkov.

        Added a feature flag.

        * Configurations/FeatureDefines.xcconfig:

2012-01-25  Yong Li  <yoli@rim.com>

        [BlackBerry] Implement OSAllocator::commit/decommit.
        BlackBerry port should support virtual memory decommiting.
        https://bugs.webkit.org/show_bug.cgi?id=77013

        Reviewed by Rob Buis.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::commit):
        (WTF::OSAllocator::decommit):
        * wtf/Platform.h:

2012-01-24  Oliver Hunt  <oliver@apple.com>

        Make DFG update topCallFrame
        https://bugs.webkit.org/show_bug.cgi?id=76969

        Reviewed by Filip Pizlo.

        Add NativeCallFrameTracer to manage topCallFrame assignment
        in the DFG operations, and make use of it.

        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        ():
        * interpreter/Interpreter.h:
        (JSC):
        (NativeCallFrameTracer):
        (JSC::NativeCallFrameTracer::NativeCallFrameTracer):

2012-01-24  Filip Pizlo  <fpizlo@apple.com>

        Inlining breaks call frame walking when the walking is done from outside the inlinee,
        but inside a code block that had inlining
        https://bugs.webkit.org/show_bug.cgi?id=76978
        <rdar://problem/10720904>

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::codeOriginForReturn):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallerFrame):

2012-01-24  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=76855
        Implement a JIT-code aware sampling profiler for JSC

        Reviewed by Oliver Hunt.

        Add support to MetaAllocator.cpp to track all live handles in a map,
        allowing lookup based on any address within the allocation.

        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocatorTracker::notify):
        (WTF::MetaAllocatorTracker::release):
            - Track live handle objects in a map.
        (WTF::MetaAllocator::release):
            - Removed support for handles with null m_allocator (no longer used).
            - Notify the tracker of handles being released.
        (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
            - Moved functionality out into MetaAllocator::release.
        (WTF::MetaAllocatorHandle::shrink):
            - Removed support for handles with null m_allocator (no longer used).
        (WTF::MetaAllocator::MetaAllocator):
            - Initialize m_tracker.
        (WTF::MetaAllocator::allocate):
            - Notify the tracker of new allocations.
        * wtf/MetaAllocator.h:
        (WTF::MetaAllocatorTracker::find):
            - Lookup a MetaAllocatorHandle based on an address inside the allocation.
        (WTF::MetaAllocator::trackAllocations):
            - Register a callback object to track allocation state.
        * wtf/MetaAllocatorHandle.h:
            - Remove unused createSelfManagedHandle/constructor.
        (WTF::MetaAllocatorHandle::key):
            - Added, for use in RedBlackTree.

2012-01-24  Mark Hahnenberg  <mhahnenberg@apple.com>

        Use copying collector for out-of-line JSObject property storage
        https://bugs.webkit.org/show_bug.cgi?id=76665

        Reviewed by Geoffrey Garen.

        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
        Also added a temporary variable to avoid warnings from GCC.
        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
        operator new. Also added a temporary variable to avoid warnings from GCC.
        * runtime/JSObject.h:

2012-01-24  Geoffrey Garen  <ggaren@apple.com>

        JSValue::toString() should return a JSString* instead of a UString
        https://bugs.webkit.org/show_bug.cgi?id=76861

        Fixed two failing layout tests after my last patch.