[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-02-04  Ilya Tikhonovsky  <loislo@chromium.org>

        Unreviewed rollout two patches r77614 and r77612.

        REGRESSION: Snow Leopard Intel Release: a number of failing tests.

        * runtime/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::reset):
        * runtime/Heap.h:
        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::allocate):
        (JSC::MarkedSpace::sweep):
        (JSC::MarkedSpace::reset):
        * runtime/MarkedSpace.h:

2011-02-04  Geoffrey Garen  <ggaren@apple.com>

        Try to fix 32bit build.

        * runtime/Heap.cpp:
        (JSC::Heap::reset): Use an explicit cast to avoid shortening warnings,
        since 1.5 is double (64bit), and the result is size_t (32bit).

2011-02-03  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.

        Changed MarkedSpace to delegate grow/shrink decisions to Heap
        https://bugs.webkit.org/show_bug.cgi?id=53759

        SunSpider reports no change.

        * runtime/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::reset):
        * runtime/Heap.h: Reorganized a few data members for better cache locality.
        Added a grow policy.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::allocate):
        (JSC::MarkedSpace::sweep):
        (JSC::MarkedSpace::reset): Don't shrink automatically. Instead, wait for
        the heap to make an explicit sweep call.

        * runtime/MarkedSpace.h:
        (JSC::MarkedSpace::highWaterMark):
        (JSC::MarkedSpace::setHighWaterMark): Use a watermark to determine how
        many bytes to allocate before failing and giving the heap an opportunity
        to collect garbage. This also means that we allocate blocks on demand,
        instead of ahead of time.

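The grow/shrink delegation described in the entry above, together with the 1.5x factor and explicit cast from the 32bit build fix, as an added C++ model (not WebKit's code): MarkedSpace allocates blocks on demand but refuses to allocate past its high-water mark, and Heap treats that refusal as its cue to sweep and recompute the mark. The block size, the two-block minimum and the markLive() hook standing in for the mark phase are assumptions of this model.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>
// Simplified model of the grow/shrink split (added example, not WebKit's code).
// Block size, the two-block minimum and the markLive() hook are assumptions.
namespace model {

const size_t kBlockSize = 1024;
const size_t kMinBytesAllocated = 2 * kBlockSize;

// bytesUsed: cells handed out from the block; bytesLive: cells the last mark phase found reachable.
struct Block { size_t bytesUsed, bytesLive; Block() : bytesUsed(0), bytesLive(0) {} };

class MarkedSpace {
public:
    explicit MarkedSpace(size_t highWaterMark) : m_highWaterMark(highWaterMark) {}

    size_t highWaterMark() const { return m_highWaterMark; }
    void setHighWaterMark(size_t bytes) { m_highWaterMark = bytes; }
    size_t size() const { return m_blocks.size() * kBlockSize; }  // bytes held in blocks
    size_t blockCount() const { return m_blocks.size(); }
    std::vector<Block>& blocks() { return m_blocks; }

    // Allocates blocks on demand, but fails instead of growing past the
    // watermark so the heap gets a chance to collect before more is committed.
    bool allocate(size_t cellBytes) {
        if (m_blocks.empty() || m_blocks.back().bytesUsed + cellBytes > kBlockSize) {
            if (size() + kBlockSize > m_highWaterMark)
                return false;
            m_blocks.push_back(Block());
        }
        m_blocks.back().bytesUsed += cellBytes;
        return true;
    }

    // Frees blocks with no live cells; runs only on the heap's explicit request.
    void sweep() {
        size_t kept = 0;
        for (size_t i = 0; i < m_blocks.size(); ++i) {
            if (!m_blocks[i].bytesLive)
                continue;
            m_blocks[kept] = m_blocks[i];
            m_blocks[kept].bytesUsed = m_blocks[kept].bytesLive;
            ++kept;
        }
        m_blocks.resize(kept);
    }

    // Clears mark state for the next cycle; deliberately never shrinks on its own.
    void reset() {
        for (size_t i = 0; i < m_blocks.size(); ++i)
            m_blocks[i].bytesLive = 0;
    }

    // Freeing a block compacts the list, so keep freeing block 0 until none are left.
    void destroy() {
        while (!m_blocks.empty())
            m_blocks.erase(m_blocks.begin());
    }

private:
    std::vector<Block> m_blocks;
    size_t m_highWaterMark;
};

class Heap {
public:
    Heap() : m_space(kMinBytesAllocated), m_collections(0) {}

    MarkedSpace& space() { return m_space; }
    size_t collectionCount() const { return m_collections; }

    // Stand-in for the mark phase: record how many bytes of a block are reachable.
    void markLive(size_t blockIndex, size_t liveBytes) { m_space.blocks()[blockIndex].bytesLive = liveBytes; }

    // The space's refusal is the heap's cue to collect, then retry once.
    bool allocate(size_t cellBytes) {
        if (m_space.allocate(cellBytes))
            return true;
        collect();
        return m_space.allocate(cellBytes);  // false here means out of memory
    }

private:
    void collect() {
        ++m_collections;
        m_space.sweep();
        // Grow policy: allow 1.5x the surviving size, never below the minimum. The
        // explicit cast is the 32-bit build fix: size_t * 1.5 is a double, and
        // narrowing it back to size_t without a cast draws a shortening warning.
        size_t proportional = static_cast<size_t>(m_space.size() * 1.5);
        m_space.setHighWaterMark(std::max(kMinBytesAllocated, proportional));
        m_space.reset();
    }

    MarkedSpace m_space;
    size_t m_collections;
};
}  // namespace model
```
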
2011-02-03  James Kozianski  <koz@chromium.org>

        Reviewed by Dimitri Glazkov.

        Add navigator.registerProtocolHandler behind a flag.
        https://bugs.webkit.org/show_bug.cgi?id=52609

        * Configurations/FeatureDefines.xcconfig:

2011-02-03  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Not all blocks are freed when the heap is freed (counting is hard!)
        https://bugs.webkit.org/show_bug.cgi?id=53732

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::destroy): Freeing a block compacts the list, so just
        keep freeing block 0 until there are no blocks left.

2011-02-03  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the Mac build.

        * JavaScriptCore.xcodeproj/project.pbxproj: The new MarkedBlock.h header
        needs to be private, not project, so other projects can include headers
        that depend on it.

2011-02-03  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.

        Start using MarkedBlock instead of CollectorBlock
        https://bugs.webkit.org/show_bug.cgi?id=53693

        SunSpider reports no change.

        * runtime/MarkedBlock.h:
        (JSC::MarkedBlock::blockFor):
        (JSC::MarkedBlock::setMarked):
        (JSC::MarkedBlock::isCellAligned):
        (JSC::MarkedBlock::isPossibleCell): Updated for const-ness.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::allocateBlock):
        (JSC::MarkedSpace::containsSlowCase):
        (JSC::MarkedSpace::clearMarkBits): Updated for const-ness.

        * runtime/MarkedSpace.h:
        (JSC::CollectorHeap::collectorBlock):
        (JSC::MarkedSpace::heap):
        (JSC::MarkedSpace::isMarked):
        (JSC::MarkedSpace::testAndSetMarked):
        (JSC::MarkedSpace::setMarked):
        (JSC::MarkedSpace::contains): Switched from CollectorBlock to MarkedBlock,
        and deleted dead CollectorBlock-related code.

2011-02-03  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Darin Adler.

        Avoid strlen() in AtomicString::fromUTF8
        https://bugs.webkit.org/show_bug.cgi?id=50516

        Add an overload to calculateStringHashFromUTF8 to get
        strlen() of the input data with only one call.

        This change shows about 3% performance win on the xml-parser benchmark.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/AtomicString.cpp:
        (WTF::AtomicString::fromUTF8):
        * wtf/unicode/UTF8.cpp:
        (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
        (WTF::Unicode::calculateStringHashFromUTF8):
        (WTF::Unicode::calculateStringHashAndLengthFromUTF8):
        * wtf/unicode/UTF8.h:

2011-02-02  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-02-02  Gavin Barraclough  <barraclough@apple.com>

        oops, build fix!

        * wtf/Assertions.cpp:

2011-02-02  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 53650 - Add a BACKTRACE macro to Assertions.h

        Add a BACKTRACE macro to Assertions.h, which will print a backtrace on
        debug Mac builds, and make CRASH (and thus ASSERT) automatically call this.

        * JavaScriptCore.exp:
        * wtf/Assertions.cpp:
        * wtf/Assertions.h:

2011-02-02  Michael Saboff  <msaboff@apple.com>

        Reviewed by Gavin Barraclough.

        Improper backtrack of nested non-capturing greedy paren to prior paren
        https://bugs.webkit.org/show_bug.cgi?id=53261

        A paren that follows a non-capturing greedy paren nested within a
        non-capturing fixed paren was backtracking to the last paren
        processed instead of the immediately prior paren.
        Refactored default backtracking of parens to prior paren to work for
        both nested (within) and immediately prior (after) parens.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail):
        (JSC::Yarr::YarrGenerator::TermGenerationState::TermGenerationState):
        (JSC::Yarr::YarrGenerator::TermGenerationState::setJumpListToPriorParen):
        (JSC::Yarr::YarrGenerator::TermGenerationState::getJumpListToPriorParen):
        (JSC::Yarr::YarrGenerator::ParenthesesTail::ParenthesesTail):
        (JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode):
        (JSC::Yarr::YarrGenerator::generateParenthesesDisjunction):
        (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
        (JSC::Yarr::YarrGenerator::generateDisjunction):

2011-02-02  Jeff Miller  <jeffm@apple.com>

        Reviewed by Darin Adler and Steve Falkenburg.

        Add DerivedSources.make to some Visual Studio projects
        https://bugs.webkit.org/show_bug.cgi?id=53607

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Add DerivedSources.make.

2011-02-02  Steve Lacey  <sjl@chromium.org>

        Reviewed by Eric Carlson.

        Implement basic media statistics on media elements.
        https://bugs.webkit.org/show_bug.cgi?id=53322

        * Configurations/FeatureDefines.xcconfig:

2011-02-02  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Build fixes for wxWebKit.

        * wtf/wx/StringWx.cpp:
        (WTF::String::String):

2011-02-01  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.

        A little more Heap refactoring
        https://bugs.webkit.org/show_bug.cgi?id=53577

        SunSpider reports no change.

        Split out MarkedBlock into its own file / class.

        Did the following renames:
            isCellMarked => isMarked
            checkMarkCell => testAndSetMarked
            markCell => setMarked
            cellOffset => cellNumber
            collectorBlock => blockFor

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/Heap.cpp:
        (JSC::WeakGCHandlePool::update):
        * runtime/Heap.h:
        (JSC::Heap::isMarked):
        (JSC::Heap::testAndSetMarked):
        (JSC::Heap::setMarked):
        * runtime/JSArray.h:
        (JSC::MarkStack::markChildren):
        (JSC::MarkStack::drain):
        * runtime/JSCell.h:
        (JSC::JSCell::MarkStack::internalAppend):
        * runtime/MarkedBlock.cpp: Added.
        * runtime/MarkedBlock.h: Added.
        (JSC::MarkedBlock::blockFor):
        (JSC::MarkedBlock::cellNumber):
        (JSC::MarkedBlock::isMarked):
        (JSC::MarkedBlock::testAndSetMarked):
        (JSC::MarkedBlock::setMarked):
        (JSC::MarkedBlock::isCellAligned):
        (JSC::MarkedBlock::isPossibleCell):
        * runtime/MarkedSpace.h:
        (JSC::MarkedSpace::isMarked):
        (JSC::MarkedSpace::testAndSetMarked):
        (JSC::MarkedSpace::setMarked):
        * runtime/SmallStrings.cpp:
        (JSC::isMarked):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::isValid):
        (JSC::::get):
        (JSC::::take):
        (JSC::::set):

2011-02-02  Sam Weinig  <sam@webkit.org>

        Fix Windows clean build.

        * DerivedSources.make:

2011-02-02  Alejandro G. Castro  <alex@igalia.com>

        Reviewed by Martin Robinson.

        [GTK] Fix dist compilation
        https://bugs.webkit.org/show_bug.cgi?id=53579

        * GNUmakefile.am: Added WriteBarrier.h to the sources; it was
        added in r77151.

2011-02-01  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77297.
        http://trac.webkit.org/changeset/77297
        https://bugs.webkit.org/show_bug.cgi?id=53538

        caused Leopard crashes (Requested by paroga on #webkit).

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/AtomicString.cpp:
        (WTF::AtomicString::fromUTF8):
        * wtf/unicode/UTF8.cpp:
        (WTF::Unicode::calculateStringHashFromUTF8):
        * wtf/unicode/UTF8.h:

2011-02-01  Sam Weinig  <sam@webkit.org>

        Fix Mac production builds.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-02-01  Sam Weinig  <sam@webkit.org>

        Try to fix the Windows build.

        * DerivedSources.make:

2011-02-01  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Darin Adler.

        Avoid strlen() in AtomicString::fromUTF8
        https://bugs.webkit.org/show_bug.cgi?id=50516

        Add an overload to calculateStringHashFromUTF8 to get
        strlen() of the input data with only one call.

        This change shows about 3% performance win on the xml-parser benchmark.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/AtomicString.cpp:
        (WTF::AtomicString::fromUTF8):
        * wtf/unicode/UTF8.cpp:
        (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
        (WTF::Unicode::calculateStringHashFromUTF8):
        (WTF::Unicode::calculateStringHashAndLengthFromUTF8):
        * wtf/unicode/UTF8.h:

2011-02-01  Sam Weinig  <sam@webkit.org>

        Reviewed by Beth Dakin.

        Part 2 for <rdar://problem/8492788>
        Adopt WKScrollbarPainterController

        Use header detection to define scrollbar painting controller #define.

        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-02-01  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Refactor JSGlobalObject-related tear-down
        https://bugs.webkit.org/show_bug.cgi?id=53478

        While investigating crashes caused by r77082, I noticed some strange
        destructor-time behaviors. This patch makes them less strange.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::globalObject):
        (JSC::GlobalCodeBlock::GlobalCodeBlock):
        (JSC::GlobalCodeBlock::~GlobalCodeBlock): Store the set of global code
        blocks on the Heap, instead of on independent global objects. The heap
        is guaranteed to outlast any GC-owned data structure. The heap is also
        a natural place to store objects that need out-of-band marking, since
        the heap is responsible for marking all roots.

        * runtime/Heap.cpp:
        (JSC::Heap::markRoots):
        (JSC::Heap::globalObjectCount):
        (JSC::Heap::protectedGlobalObjectCount):
        * runtime/Heap.h:
        (JSC::Heap::codeBlocks):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::~JSGlobalObject):
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::markChildren):
        * runtime/JSGlobalObject.h:
        * runtime/MarkedSpace.cpp: Store the set of global objects in a weak map
        owned by JSGlobalData, instead of an intrusive circular linked list.
        This is simpler, and it avoids destructor-time access between garbage
        collected objects, which is hard to get right.

        (JSC::MarkedSpace::destroy): Make sure to clear mark bits before tearing
        everything down. Otherwise, weak data structures will incorrectly report
        that objects pending destruction are still alive.

2011-02-01  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        REGRESSION(77082): GC-related crashes seen: on WebKit2 bot; on GTK 32bit
        bot; loading trac pages; typing in search field
        https://bugs.webkit.org/show_bug.cgi?id=53519

        The crashes were all caused by failure to run an object's destructor.

        * runtime/CollectorHeapIterator.h:
        (JSC::ObjectIterator::ObjectIterator): Don't skip forward upon
        construction. The iterator class used to do that when it was designed
        for prior-to-beginning initialization. I forgot to remove this line
        of code when I changed the iterator to normal initialization.

        Skipping forward upon construction was causing the heap to skip running
        the destructor for the very first object in a block when destroying the
        block. This usually did not crash, since block destruction is rare and
        most objects have pretty trivial destructors. However, in the rare case
        when the heap would destroy a block whose first object was a global
        object or a DOM node, BOOM.

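The failure mode in the entry above, modelled in C++ as an added example (not WebKit's code): block tear-down walks the block with an iterator, and an iterator that still skips forward in its constructor never visits cell 0, so that cell's destructor never runs. The Cell layout and the destructed flag used to observe the skip are assumptions of this model.

```cpp
#include <cstddef>
#include <vector>

// Added model of the iterator bug (not WebKit's code); the Cell layout and the
// destructed flag used to observe the bug are assumptions of this model.
namespace model {

struct Cell {
    bool live;        // holds an object that still needs its destructor run
    bool destructed;  // set when tear-down runs that destructor
};

struct Block {
    std::vector<Cell> cells;
    explicit Block(size_t n) : cells(n) {
        for (size_t i = 0; i < n; ++i) {
            cells[i].live = true;
            cells[i].destructed = false;
        }
    }
};

// Walks the live cells of a block in order, starting at cell 0.
class ObjectIterator {
public:
    // skipForwardOnConstruction reproduces the pre-fix behaviour: the advance
    // was right when the iterator started before the beginning, but with
    // normal initialization it steps straight past cell 0.
    ObjectIterator(Block& block, bool skipForwardOnConstruction)
        : m_block(block), m_index(0)
    {
        if (skipForwardOnConstruction)
            advance();
        else
            skipDead();  // only move past cells that hold no object
    }

    bool atEnd() const { return m_index >= m_block.cells.size(); }
    Cell& operator*() { return m_block.cells[m_index]; }
    ObjectIterator& operator++() { advance(); return *this; }

private:
    void advance() { ++m_index; skipDead(); }
    void skipDead() {
        while (!atEnd() && !m_block.cells[m_index].live)
            ++m_index;
    }

    Block& m_block;
    size_t m_index;
};

// Tears down a block by running every live cell's destructor; returns how
// many destructors actually ran, so a skipped cell is directly observable.
size_t destroyBlock(Block& block, bool useBuggyIterator) {
    size_t destructed = 0;
    for (ObjectIterator it(block, useBuggyIterator); !it.atEnd(); ++it) {
        (*it).destructed = true;
        (*it).live = false;
        ++destructed;
    }
    return destructed;
}

}  // namespace model
```
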
2011-01-31  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Update JSObject storage for new marking API
        https://bugs.webkit.org/show_bug.cgi?id=53467

        JSObject no longer uses EncodedJSValue for its property storage.
        This produces a stream of mechanical changes to PropertySlot and
        anonymous storage APIs.

        * JavaScriptCore.exp:
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::ArrayPrototype):
        * runtime/BooleanConstructor.cpp:
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanObject.cpp:
        (JSC::BooleanObject::BooleanObject):
        * runtime/BooleanObject.h:
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::DatePrototype):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::getOwnPropertySlot):
        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertySlot):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObject):
        * runtime/JSObject.cpp:
        (JSC::JSObject::fillGetterPropertySlot):
        * runtime/JSObject.h:
        (JSC::JSObject::getDirectLocation):
        (JSC::JSObject::offsetForLocation):
        (JSC::JSObject::putAnonymousValue):
        (JSC::JSObject::clearAnonymousValue):
        (JSC::JSObject::getAnonymousValue):
        (JSC::JSObject::putThisToAnonymousValue):
        (JSC::JSObject::locationForOffset):
        (JSC::JSObject::inlineGetOwnPropertySlot):
        * runtime/JSObjectWithGlobalObject.cpp:
        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::JSWrapperObject):
        (JSC::JSWrapperObject::setInternalValue):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/NumberConstructor.cpp:
        (JSC::constructWithNumberConstructor):
        * runtime/NumberObject.cpp:
        (JSC::NumberObject::NumberObject):
        (JSC::constructNumber):
        * runtime/NumberObject.h:
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/PropertySlot.h:
        (JSC::PropertySlot::getValue):
        (JSC::PropertySlot::setValue):
        (JSC::PropertySlot::setRegisterSlot):
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/WriteBarrier.h:
        (JSC::WriteBarrierBase::setWithoutWriteBarrier):

2011-02-01  Daniel Bates  <dbates@rim.com>

        Reviewed by Antonio Gomes.

        Modify RandomNumberSeed.h to use USE(MERSENNE_TWISTER_19937)
        https://bugs.webkit.org/show_bug.cgi?id=53506

        Currently, use of the Mersenne Twister pseudorandom number generator
        is hardcoded to the Windows CE port. With the passing of bug #53253,
        we can generalize support for this PRNG to all ports that use srand(3)
        and rand(3), including Windows CE.

        * wtf/RandomNumberSeed.h:
        (WTF::initializeRandomNumberGenerator):

2011-02-01  Dave Tapuska  <dtapuska@rim.com>

        Reviewed by Gavin Barraclough.

        MacroAssemblerARM would generate code that did 32bit loads
        on addresses that were not aligned. More specifically it would
        generate a ldr r8,[r1, #7] which isn't valid on ARMv5 and lower.
        The intended instruction really is ldrb r8,[r1, #7]; ensure we
        call load8 instead of load32.

        https://bugs.webkit.org/show_bug.cgi?id=46095

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::set32Test32):
        (JSC::MacroAssemblerARM::set32Test8):

2011-02-01  Darin Fisher  <darin@chromium.org>

        Reviewed by Eric Seidel.

        Fix some Visual Studio compiler warnings.
        https://bugs.webkit.org/show_bug.cgi?id=53476

        * wtf/MathExtras.h:
        (clampToInteger):
        (clampToPositiveInteger):
        * wtf/ThreadingWin.cpp:
        (WTF::absoluteTimeToWaitTimeoutInterval):

2011-01-31  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Bogus callframe during stack unwinding
        https://bugs.webkit.org/show_bug.cgi?id=53454

        Trying to access a callframe's globalData after destroying its
        ScopeChain is not a good thing.  While we could access the
        globalData directly through the (known valid) scopechain we're
        holding on to, it feels fragile.  Instead we push the valid
        ScopeChain onto the callframe again to ensure that the callframe
        itself remains valid.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwindCallFrame):

2011-01-31  Michael Saboff  <msaboff@apple.com>

        Reviewed by Geoffrey Garen.

        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
        https://bugs.webkit.org/show_bug.cgi?id=53271

        Reapplying this change again.
        Changed isValid() to use .get() as a result of change r77151.

        Added new isValid() methods to check if a contained object in
        a WeakGCMap is valid when using an unchecked iterator.

        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::isValid):

2011-01-31  Oliver Hunt  <oliver@apple.com>

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        rolling r77098, r77099, r77100, r77109, and
        r77111 back in, along with a few more Qt fix attempts.

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
        (JSC::JSCallbackObject::setPrivateProperty):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::put):
        (JSC::::staticFunctionGetter):
        * API/JSObjectRef.cpp:
        (JSObjectMakeConstructor):
        (JSObjectSetPrivateProperty):
        * API/JSWeakObjectMapRefInternal.h:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::globalObject):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        (JSC::BytecodeGenerator::findScopedProperty):
        * debugger/Debugger.cpp:
        (JSC::evaluateInGlobalCallFrame):
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::markChildren):
        * debugger/DebuggerActivation.h:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate):
        * interpreter/CallFrame.h:
        (JSC::ExecState::exception):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::resolve):
        (JSC::Interpreter::resolveSkip):
        (JSC::Interpreter::resolveGlobal):
        (JSC::Interpreter::resolveGlobalDynamic):
        (JSC::Interpreter::resolveBaseAndProperty):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::appendSourceToError):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::tryCacheGetByID):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::markLists):
        * runtime/Arguments.cpp:
        (JSC::Arguments::markChildren):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::put):
        * runtime/Arguments.h:
        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSplice):
        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeSet::grow):
        * runtime/ConservativeSet.h:
        (JSC::ConservativeSet::~ConservativeSet):
        (JSC::ConservativeSet::mark):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncSetTime):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::markChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::getter):
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setter):
        (JSC::GetterSetter::setSetter):
        * runtime/GlobalEvalFunction.cpp:
        (JSC::GlobalEvalFunction::GlobalEvalFunction):
        (JSC::GlobalEvalFunction::markChildren):
        * runtime/GlobalEvalFunction.h:
        (JSC::GlobalEvalFunction::cachedGlobalObject):
        * runtime/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::value):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::markChildren):
        (JSC::JSActivation::put):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::JSArray::getOwnPropertySlot):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::put):
        (JSC::JSArray::putSlowCase):
        (JSC::JSArray::deleteProperty):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        (JSC::JSArray::unshiftCount):
        (JSC::JSArray::sort):
        (JSC::JSArray::fillArgList):
        (JSC::JSArray::copyToRegisters):
        (JSC::JSArray::compactForSorting):
        * runtime/JSArray.h:
        (JSC::JSArray::getIndex):
        (JSC::JSArray::setIndex):
        (JSC::JSArray::uncheckedSetIndex):
        (JSC::JSArray::markChildrenDirect):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSCell.h:
        (JSC::JSCell::MarkStack::append):
        (JSC::JSCell::MarkStack::internalAppend):
        (JSC::JSCell::MarkStack::deprecatedAppend):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::markIfNeeded):
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::resetPrototype):
        (JSC::JSGlobalObject::markChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
        (JSC::JSGlobalObject::regExpConstructor):
        (JSC::JSGlobalObject::errorConstructor):
        (JSC::JSGlobalObject::evalErrorConstructor):
        (JSC::JSGlobalObject::rangeErrorConstructor):
        (JSC::JSGlobalObject::referenceErrorConstructor):
        (JSC::JSGlobalObject::syntaxErrorConstructor):
        (JSC::JSGlobalObject::typeErrorConstructor):
        (JSC::JSGlobalObject::URIErrorConstructor):
        (JSC::JSGlobalObject::evalFunction):
        (JSC::JSGlobalObject::objectPrototype):
        (JSC::JSGlobalObject::functionPrototype):
        (JSC::JSGlobalObject::arrayPrototype):
        (JSC::JSGlobalObject::booleanPrototype):
        (JSC::JSGlobalObject::stringPrototype):
        (JSC::JSGlobalObject::numberPrototype):
        (JSC::JSGlobalObject::datePrototype):
        (JSC::JSGlobalObject::regExpPrototype):
        (JSC::JSGlobalObject::methodCallDummy):
        (JSC::Structure::prototypeForLookup):
        (JSC::constructArray):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::object):
        (JSC::Stringifier::Holder::objectSlot):
        (JSC::Stringifier::markAggregate):
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::callReviver):
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getDirectOffset):
        (JSC::JSObject::putDirectOffset):
        (JSC::JSObject::putUndefinedAtDirectOffset):
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSValue::putDirect):
        (JSC::JSObject::allocatePropertyStorageInline):
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::get):
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::markChildren):
        * runtime/JSString.cpp:
        (JSC::StringObject::create):
        * runtime/JSValue.h:
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::markChildren):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::internalValue):
        (JSC::JSWrapperObject::setInternalValue):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::parse):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::lookupPut):
        * runtime/MarkStack.h:
        (JSC::MarkStack::MarkStack):
        (JSC::MarkStack::deprecatedAppendValues):
        (JSC::MarkStack::appendValues):
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        (JSC::constructWithNumberConstructor):
        * runtime/NumberObject.cpp:
        (JSC::constructNumber):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
812         (JSC::objectConstructorGetOwnPropertyDescriptor):
813         * runtime/Operations.h:
814         (JSC::normalizePrototypeChain):
815         (JSC::resolveBase):
816         * runtime/PrototypeFunction.cpp:
817         (JSC::PrototypeFunction::PrototypeFunction):
818         * runtime/PutPropertySlot.h:
819         (JSC::PutPropertySlot::setExistingProperty):
820         (JSC::PutPropertySlot::setNewProperty):
821         (JSC::PutPropertySlot::base):
822         * runtime/RegExpConstructor.cpp:
823         (JSC::RegExpConstructor::RegExpConstructor):
824         * runtime/ScopeChain.cpp:
825         (JSC::ScopeChainNode::print):
826         * runtime/ScopeChain.h:
827         (JSC::ScopeChainNode::~ScopeChainNode):
828         (JSC::ScopeChainIterator::operator*):
829         (JSC::ScopeChainIterator::operator->):
830         (JSC::ScopeChain::top):
831         * runtime/ScopeChainMark.h:
832         (JSC::ScopeChain::markAggregate):
833         * runtime/SmallStrings.cpp:
834         (JSC::isMarked):
835         (JSC::SmallStrings::markChildren):
836         * runtime/SmallStrings.h:
837         (JSC::SmallStrings::emptyString):
838         (JSC::SmallStrings::singleCharacterString):
839         (JSC::SmallStrings::singleCharacterStrings):
840         * runtime/StringConstructor.cpp:
841         (JSC::StringConstructor::StringConstructor):
842         * runtime/StringObject.cpp:
843         (JSC::StringObject::StringObject):
844         * runtime/StringObject.h:
845         * runtime/StringPrototype.cpp:
846         (JSC::StringPrototype::StringPrototype):
847         * runtime/Structure.cpp:
848         (JSC::Structure::Structure):
849         (JSC::Structure::addPropertyTransition):
850         (JSC::Structure::toDictionaryTransition):
851         (JSC::Structure::flattenDictionaryStructure):
852         * runtime/Structure.h:
853         (JSC::Structure::storedPrototype):
854         (JSC::Structure::storedPrototypeSlot):
855         * runtime/WeakGCMap.h:
856         (JSC::WeakGCMap::uncheckedGet):
857         (JSC::WeakGCMap::uncheckedGetSlot):
858         (JSC::::get):
859         (JSC::::take):
860         (JSC::::set):
861         (JSC::::uncheckedRemove):
862         * runtime/WriteBarrier.h: Added.
863         (JSC::DeprecatedPtr::DeprecatedPtr):
864         (JSC::DeprecatedPtr::get):
865         (JSC::DeprecatedPtr::operator*):
866         (JSC::DeprecatedPtr::operator->):
867         (JSC::DeprecatedPtr::slot):
868         (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
869         (JSC::DeprecatedPtr::operator!):
870         (JSC::WriteBarrierBase::set):
871         (JSC::WriteBarrierBase::get):
872         (JSC::WriteBarrierBase::operator*):
873         (JSC::WriteBarrierBase::operator->):
874         (JSC::WriteBarrierBase::clear):
875         (JSC::WriteBarrierBase::slot):
876         (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
877         (JSC::WriteBarrierBase::operator!):
878         (JSC::WriteBarrier::WriteBarrier):
879         (JSC::operator==):
880
881 2011-01-31  Dan Winship  <danw@gnome.org>
882
883         Reviewed by Gustavo Noronha Silva.
884
885         wss (websockets ssl) support for gtk via new gio TLS support
886         https://bugs.webkit.org/show_bug.cgi?id=50344
887
888         Add a GPollableOutputStream typedef for TLS WebSockets support
889
890         * wtf/gobject/GTypedefs.h:
891
892 2011-01-31  Gavin Barraclough  <barraclough@apple.com>
893
894         Reviewed by Geoff Garen.
895
896         https://bugs.webkit.org/show_bug.cgi?id=53352
897         Heavy external fragmentation in FixedVMPoolAllocator can lead to a CRASH().
898
899         The FixedVMPoolAllocator currently uses a best fit policy;
900         switch to first fit, which is less prone to external fragmentation.
901
902         * jit/ExecutableAllocatorFixedVMPool.cpp:
903         (JSC::AllocationTableSizeClass::AllocationTableSizeClass):
904         (JSC::AllocationTableSizeClass::blockSize):
905         (JSC::AllocationTableSizeClass::blockCount):
906         (JSC::AllocationTableSizeClass::blockAlignment):
907         (JSC::AllocationTableSizeClass::size):
908         (JSC::AllocationTableLeaf::AllocationTableLeaf):
909         (JSC::AllocationTableLeaf::~AllocationTableLeaf):
910         (JSC::AllocationTableLeaf::allocate):
911         (JSC::AllocationTableLeaf::free):
912         (JSC::AllocationTableLeaf::isEmpty):
913         (JSC::AllocationTableLeaf::isFull):
914         (JSC::AllocationTableLeaf::size):
915         (JSC::AllocationTableLeaf::classForSize):
916         (JSC::AllocationTableLeaf::dump):
917         (JSC::LazyAllocationTable::LazyAllocationTable):
918         (JSC::LazyAllocationTable::~LazyAllocationTable):
919         (JSC::LazyAllocationTable::allocate):
920         (JSC::LazyAllocationTable::free):
921         (JSC::LazyAllocationTable::isEmpty):
922         (JSC::LazyAllocationTable::isFull):
923         (JSC::LazyAllocationTable::size):
924         (JSC::LazyAllocationTable::dump):
925         (JSC::LazyAllocationTable::classForSize):
926         (JSC::AllocationTableDirectory::AllocationTableDirectory):
927         (JSC::AllocationTableDirectory::~AllocationTableDirectory):
928         (JSC::AllocationTableDirectory::allocate):
929         (JSC::AllocationTableDirectory::free):
930         (JSC::AllocationTableDirectory::isEmpty):
931         (JSC::AllocationTableDirectory::isFull):
932         (JSC::AllocationTableDirectory::size):
933         (JSC::AllocationTableDirectory::classForSize):
934         (JSC::AllocationTableDirectory::dump):
935         (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
936         (JSC::FixedVMPoolAllocator::alloc):
937         (JSC::FixedVMPoolAllocator::free):
938         (JSC::FixedVMPoolAllocator::allocated):
939         (JSC::FixedVMPoolAllocator::isValid):
940         (JSC::FixedVMPoolAllocator::classForSize):
941         (JSC::FixedVMPoolAllocator::offsetToPointer):
942         (JSC::FixedVMPoolAllocator::pointerToOffset):
943         (JSC::ExecutableAllocator::committedByteCount):
944         (JSC::ExecutableAllocator::isValid):
945         (JSC::ExecutableAllocator::underMemoryPressure):
946         (JSC::ExecutablePool::systemAlloc):
947         (JSC::ExecutablePool::systemRelease):
948         * wtf/PageReservation.h:
949         (WTF::PageReservation::PageReservation):
950         (WTF::PageReservation::commit):
951         (WTF::PageReservation::decommit):
952         (WTF::PageReservation::committed):
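
        The entry above does not show why best fit is the more fragmentation-prone
        policy, so the following is an added illustration (it is not the
        FixedVMPoolAllocator code, and the hole layout, request sizes and all
        names such as ToyPool, runSequence and Result are constructed for the
        demonstration). A toy free-list pool is replayed under both policies on
        the same request sequence; best fit leaves the pool with more free space
        in total but no single hole large enough for the last request, which is
        exactly the failure a fixed-size executable pool cannot recover from.

```cpp
// Added illustration, not JavaScriptCore's FixedVMPoolAllocator: a toy pool
// that places requests by either first fit or best fit, to show how best fit
// can strand free memory as small unusable holes (external fragmentation).
// Sizes are in arbitrary units; layout and requests are constructed.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <utility>
#include <vector>

enum class Policy { FirstFit, BestFit };

// A hole is a run of free units; holes are kept in address order, which is
// also the order first fit searches them in.
struct Hole {
    size_t offset;
    size_t size;
};

struct Result {
    size_t failedRequests; // requests no hole could satisfy
    size_t freeUnits;      // total free units left in the pool
    size_t largestHole;    // biggest single hole left
};

class ToyPool {
public:
    ToyPool(std::vector<Hole> holes, Policy policy)
        : m_holes(std::move(holes)), m_policy(policy) { }

    // Carves `size` units out of the hole chosen by the policy. Returns false
    // when no hole is large enough, even if the free total would suffice.
    bool alloc(size_t size)
    {
        auto chosen = m_holes.end();
        for (auto it = m_holes.begin(); it != m_holes.end(); ++it) {
            if (it->size < size)
                continue;
            if (m_policy == Policy::FirstFit) {
                chosen = it; // lowest-address hole that fits
                break;
            }
            // Best fit: the smallest hole that still fits the request.
            if (chosen == m_holes.end() || it->size < chosen->size)
                chosen = it;
        }
        if (chosen == m_holes.end())
            return false;
        chosen->offset += size;
        chosen->size -= size;
        if (!chosen->size)
            m_holes.erase(chosen);
        return true;
    }

    size_t freeUnits() const
    {
        size_t total = 0;
        for (const Hole& h : m_holes)
            total += h.size;
        return total;
    }

    size_t largestHole() const
    {
        size_t largest = 0;
        for (const Hole& h : m_holes)
            largest = std::max(largest, h.size);
        return largest;
    }

private:
    std::vector<Hole> m_holes;
    Policy m_policy;
};

// Replays one request sequence against a fresh pool under the given policy.
Result runSequence(Policy policy, const std::vector<Hole>& holes, const std::vector<size_t>& requests)
{
    ToyPool pool(holes, policy);
    Result r = { 0, 0, 0 };
    for (size_t request : requests) {
        if (!pool.alloc(request))
            ++r.failedRequests;
    }
    r.freeUnits = pool.freeUnits();
    r.largestHole = pool.largestHole();
    return r;
}

// Constructed scenario: holes of 1300 and 1200 units, then requests of 1000,
// 1100 and 250. First fit serves all three (150 units left); best fit strands
// 400 units as two 200-unit holes and cannot place the 250-unit request.
const std::vector<Hole> kHoles = { { 0, 1300 }, { 1300, 1200 } };
const std::vector<size_t> kRequests = { 1000, 1100, 250 };

Result demoFirstFit() { return runSequence(Policy::FirstFit, kHoles, kRequests); }
Result demoBestFit() { return runSequence(Policy::BestFit, kHoles, kRequests); }

int main()
{
    Result ff = demoFirstFit();
    Result bf = demoBestFit();
    std::printf("first fit: %zu failed, %zu free, largest hole %zu\n", ff.failedRequests, ff.freeUnits, ff.largestHole);
    std::printf("best fit:  %zu failed, %zu free, largest hole %zu\n", bf.failedRequests, bf.freeUnits, bf.largestHole);
    return 0;
}
```

        The sequence is chosen to make the effect visible on three requests;
        which policy fragments less on a real JIT workload depends on the mix
        of block sizes, which is why the entry reports the change as a policy
        switch rather than a guarantee.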
953
954 2011-01-31  Sheriff Bot  <webkit.review.bot@gmail.com>
955
956         Unreviewed, rolling out r76969.
957         http://trac.webkit.org/changeset/76969
958         https://bugs.webkit.org/show_bug.cgi?id=53418
959
960         "It is causing crashes in GTK+ and Leopard bots" (Requested by
961         alexg__ on #webkit).
962
963         * runtime/WeakGCMap.h:
964
965 2011-01-30  Csaba Osztrogonác  <ossy@webkit.org>
966
967         Unreviewed, rolling out r77098, r77099, r77100, r77109, and
968         r77111.
969         http://trac.webkit.org/changeset/77098
970         http://trac.webkit.org/changeset/77099
971         http://trac.webkit.org/changeset/77100
972         http://trac.webkit.org/changeset/77109
973         http://trac.webkit.org/changeset/77111
974         https://bugs.webkit.org/show_bug.cgi?id=53219
975
976         Qt build is broken
977
978         * API/JSCallbackObject.h:
979         (JSC::JSCallbackObjectData::setPrivateProperty):
980         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
981         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
982         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
983         (JSC::JSCallbackObject::setPrivateProperty):
984         * API/JSCallbackObjectFunctions.h:
985         (JSC::::put):
986         (JSC::::staticFunctionGetter):
987         * API/JSObjectRef.cpp:
988         (JSObjectMakeConstructor):
989         (JSObjectSetPrivateProperty):
990         * API/JSWeakObjectMapRefInternal.h:
991         * JavaScriptCore.exp:
992         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
993         * JavaScriptCore.xcodeproj/project.pbxproj:
994         * bytecode/CodeBlock.cpp:
995         (JSC::CodeBlock::markAggregate):
996         * bytecode/CodeBlock.h:
997         (JSC::CodeBlock::globalObject):
998         * bytecompiler/BytecodeGenerator.cpp:
999         (JSC::BytecodeGenerator::BytecodeGenerator):
1000         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1001         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1002         (JSC::BytecodeGenerator::findScopedProperty):
1003         * debugger/Debugger.cpp:
1004         (JSC::evaluateInGlobalCallFrame):
1005         * debugger/DebuggerActivation.cpp:
1006         (JSC::DebuggerActivation::DebuggerActivation):
1007         (JSC::DebuggerActivation::markChildren):
1008         * debugger/DebuggerActivation.h:
1009         * debugger/DebuggerCallFrame.cpp:
1010         (JSC::DebuggerCallFrame::evaluate):
1011         * interpreter/CallFrame.h:
1012         (JSC::ExecState::exception):
1013         * interpreter/Interpreter.cpp:
1014         (JSC::Interpreter::resolve):
1015         (JSC::Interpreter::resolveSkip):
1016         (JSC::Interpreter::resolveGlobal):
1017         (JSC::Interpreter::resolveGlobalDynamic):
1018         (JSC::Interpreter::resolveBaseAndProperty):
1019         (JSC::Interpreter::unwindCallFrame):
1020         (JSC::appendSourceToError):
1021         (JSC::Interpreter::execute):
1022         (JSC::Interpreter::tryCacheGetByID):
1023         (JSC::Interpreter::privateExecute):
1024         * jit/JITStubs.cpp:
1025         (JSC::JITThunks::tryCacheGetByID):
1026         (JSC::DEFINE_STUB_FUNCTION):
1027         * jsc.cpp:
1028         (GlobalObject::GlobalObject):
1029         * runtime/ArgList.cpp:
1030         (JSC::MarkedArgumentBuffer::markLists):
1031         * runtime/Arguments.cpp:
1032         (JSC::Arguments::markChildren):
1033         (JSC::Arguments::getOwnPropertySlot):
1034         (JSC::Arguments::getOwnPropertyDescriptor):
1035         (JSC::Arguments::put):
1036         * runtime/Arguments.h:
1037         (JSC::Arguments::setActivation):
1038         (JSC::Arguments::Arguments):
1039         * runtime/ArrayConstructor.cpp:
1040         (JSC::ArrayConstructor::ArrayConstructor):
1041         (JSC::constructArrayWithSizeQuirk):
1042         * runtime/ArrayPrototype.cpp:
1043         (JSC::arrayProtoFuncSplice):
1044         * runtime/BatchedTransitionOptimizer.h:
1045         (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
1046         (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
1047         * runtime/BooleanConstructor.cpp:
1048         (JSC::BooleanConstructor::BooleanConstructor):
1049         (JSC::constructBoolean):
1050         (JSC::constructBooleanFromImmediateBoolean):
1051         * runtime/BooleanPrototype.cpp:
1052         (JSC::BooleanPrototype::BooleanPrototype):
1053         * runtime/ConservativeSet.cpp:
1054         (JSC::ConservativeSet::grow):
1055         * runtime/ConservativeSet.h:
1056         (JSC::ConservativeSet::~ConservativeSet):
1057         (JSC::ConservativeSet::mark):
1058         * runtime/DateConstructor.cpp:
1059         (JSC::DateConstructor::DateConstructor):
1060         * runtime/DateInstance.cpp:
1061         (JSC::DateInstance::DateInstance):
1062         * runtime/DatePrototype.cpp:
1063         (JSC::dateProtoFuncSetTime):
1064         (JSC::setNewValueFromTimeArgs):
1065         (JSC::setNewValueFromDateArgs):
1066         (JSC::dateProtoFuncSetYear):
1067         * runtime/ErrorConstructor.cpp:
1068         (JSC::ErrorConstructor::ErrorConstructor):
1069         * runtime/ErrorInstance.cpp:
1070         (JSC::ErrorInstance::ErrorInstance):
1071         * runtime/ErrorPrototype.cpp:
1072         (JSC::ErrorPrototype::ErrorPrototype):
1073         * runtime/FunctionConstructor.cpp:
1074         (JSC::FunctionConstructor::FunctionConstructor):
1075         * runtime/FunctionPrototype.cpp:
1076         (JSC::FunctionPrototype::FunctionPrototype):
1077         * runtime/GetterSetter.cpp:
1078         (JSC::GetterSetter::markChildren):
1079         * runtime/GetterSetter.h:
1080         (JSC::GetterSetter::GetterSetter):
1081         (JSC::GetterSetter::getter):
1082         (JSC::GetterSetter::setGetter):
1083         (JSC::GetterSetter::setter):
1084         (JSC::GetterSetter::setSetter):
1085         * runtime/GlobalEvalFunction.cpp:
1086         (JSC::GlobalEvalFunction::GlobalEvalFunction):
1087         (JSC::GlobalEvalFunction::markChildren):
1088         * runtime/GlobalEvalFunction.h:
1089         (JSC::GlobalEvalFunction::cachedGlobalObject):
1090         * runtime/Heap.cpp:
1091         (JSC::Heap::markProtectedObjects):
1092         (JSC::Heap::markTempSortVectors):
1093         (JSC::Heap::markRoots):
1094         * runtime/InternalFunction.cpp:
1095         (JSC::InternalFunction::InternalFunction):
1096         * runtime/JSAPIValueWrapper.h:
1097         (JSC::JSAPIValueWrapper::value):
1098         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
1099         * runtime/JSActivation.cpp:
1100         (JSC::JSActivation::markChildren):
1101         (JSC::JSActivation::put):
1102         * runtime/JSArray.cpp:
1103         (JSC::JSArray::JSArray):
1104         (JSC::JSArray::getOwnPropertySlot):
1105         (JSC::JSArray::getOwnPropertyDescriptor):
1106         (JSC::JSArray::put):
1107         (JSC::JSArray::putSlowCase):
1108         (JSC::JSArray::deleteProperty):
1109         (JSC::JSArray::increaseVectorLength):
1110         (JSC::JSArray::setLength):
1111         (JSC::JSArray::pop):
1112         (JSC::JSArray::push):
1113         (JSC::JSArray::unshiftCount):
1114         (JSC::JSArray::sort):
1115         (JSC::JSArray::fillArgList):
1116         (JSC::JSArray::copyToRegisters):
1117         (JSC::JSArray::compactForSorting):
1118         * runtime/JSArray.h:
1119         (JSC::JSArray::getIndex):
1120         (JSC::JSArray::setIndex):
1121         (JSC::JSArray::uncheckedSetIndex):
1122         (JSC::JSArray::markChildrenDirect):
1123         * runtime/JSByteArray.cpp:
1124         (JSC::JSByteArray::JSByteArray):
1125         * runtime/JSCell.h:
1126         (JSC::JSCell::JSValue::toThisObject):
1127         (JSC::JSCell::MarkStack::append):
1128         * runtime/JSFunction.cpp:
1129         (JSC::JSFunction::JSFunction):
1130         (JSC::JSFunction::getOwnPropertySlot):
1131         * runtime/JSGlobalData.h:
1132         * runtime/JSGlobalObject.cpp:
1133         (JSC::markIfNeeded):
1134         (JSC::JSGlobalObject::reset):
1135         (JSC::JSGlobalObject::resetPrototype):
1136         (JSC::JSGlobalObject::markChildren):
1137         * runtime/JSGlobalObject.h:
1138         (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
1139         (JSC::JSGlobalObject::regExpConstructor):
1140         (JSC::JSGlobalObject::errorConstructor):
1141         (JSC::JSGlobalObject::evalErrorConstructor):
1142         (JSC::JSGlobalObject::rangeErrorConstructor):
1143         (JSC::JSGlobalObject::referenceErrorConstructor):
1144         (JSC::JSGlobalObject::syntaxErrorConstructor):
1145         (JSC::JSGlobalObject::typeErrorConstructor):
1146         (JSC::JSGlobalObject::URIErrorConstructor):
1147         (JSC::JSGlobalObject::evalFunction):
1148         (JSC::JSGlobalObject::objectPrototype):
1149         (JSC::JSGlobalObject::functionPrototype):
1150         (JSC::JSGlobalObject::arrayPrototype):
1151         (JSC::JSGlobalObject::booleanPrototype):
1152         (JSC::JSGlobalObject::stringPrototype):
1153         (JSC::JSGlobalObject::numberPrototype):
1154         (JSC::JSGlobalObject::datePrototype):
1155         (JSC::JSGlobalObject::regExpPrototype):
1156         (JSC::JSGlobalObject::methodCallDummy):
1157         (JSC::Structure::prototypeForLookup):
1158         (JSC::constructArray):
1159         * runtime/JSONObject.cpp:
1160         (JSC::Stringifier::Holder::object):
1161         (JSC::Stringifier::markAggregate):
1162         (JSC::Stringifier::stringify):
1163         (JSC::Stringifier::Holder::appendNextProperty):
1164         (JSC::Walker::callReviver):
1165         (JSC::Walker::walk):
1166         * runtime/JSObject.cpp:
1167         (JSC::JSObject::defineGetter):
1168         (JSC::JSObject::defineSetter):
1169         (JSC::JSObject::removeDirect):
1170         (JSC::JSObject::putDirectFunction):
1171         (JSC::JSObject::putDirectFunctionWithoutTransition):
1172         (JSC::putDescriptor):
1173         (JSC::JSObject::defineOwnProperty):
1174         * runtime/JSObject.h:
1175         (JSC::JSObject::getDirectOffset):
1176         (JSC::JSObject::putDirectOffset):
1177         (JSC::JSObject::flattenDictionaryObject):
1178         (JSC::JSObject::putDirectInternal):
1179         (JSC::JSObject::putDirect):
1180         (JSC::JSObject::putDirectFunction):
1181         (JSC::JSObject::putDirectWithoutTransition):
1182         (JSC::JSObject::putDirectFunctionWithoutTransition):
1183         (JSC::JSValue::putDirect):
1184         (JSC::JSObject::allocatePropertyStorageInline):
1185         (JSC::JSObject::markChildrenDirect):
1186         * runtime/JSPropertyNameIterator.cpp:
1187         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1188         (JSC::JSPropertyNameIterator::get):
1189         * runtime/JSPropertyNameIterator.h:
1190         * runtime/JSStaticScopeObject.cpp:
1191         (JSC::JSStaticScopeObject::markChildren):
1192         * runtime/JSString.cpp:
1193         (JSC::StringObject::create):
1194         * runtime/JSValue.h:
1195         * runtime/JSWrapperObject.cpp:
1196         (JSC::JSWrapperObject::markChildren):
1197         * runtime/JSWrapperObject.h:
1198         (JSC::JSWrapperObject::internalValue):
1199         (JSC::JSWrapperObject::setInternalValue):
1200         * runtime/LiteralParser.cpp:
1201         (JSC::LiteralParser::parse):
1202         * runtime/Lookup.cpp:
1203         (JSC::setUpStaticFunctionSlot):
1204         * runtime/Lookup.h:
1205         (JSC::lookupPut):
1206         * runtime/MarkStack.h:
1207         (JSC::MarkStack::appendValues):
1208         * runtime/MathObject.cpp:
1209         (JSC::MathObject::MathObject):
1210         * runtime/NativeErrorConstructor.cpp:
1211         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1212         * runtime/NativeErrorPrototype.cpp:
1213         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1214         * runtime/NumberConstructor.cpp:
1215         (JSC::NumberConstructor::NumberConstructor):
1216         (JSC::constructWithNumberConstructor):
1217         * runtime/NumberObject.cpp:
1218         (JSC::constructNumber):
1219         * runtime/NumberPrototype.cpp:
1220         (JSC::NumberPrototype::NumberPrototype):
1221         * runtime/ObjectConstructor.cpp:
1222         (JSC::ObjectConstructor::ObjectConstructor):
1223         (JSC::objectConstructorGetOwnPropertyDescriptor):
1224         * runtime/Operations.h:
1225         (JSC::normalizePrototypeChain):
1226         (JSC::resolveBase):
1227         * runtime/PrototypeFunction.cpp:
1228         (JSC::PrototypeFunction::PrototypeFunction):
1229         * runtime/PutPropertySlot.h:
1230         (JSC::PutPropertySlot::setExistingProperty):
1231         (JSC::PutPropertySlot::setNewProperty):
1232         (JSC::PutPropertySlot::base):
1233         * runtime/RegExpConstructor.cpp:
1234         (JSC::RegExpConstructor::RegExpConstructor):
1235         * runtime/ScopeChain.cpp:
1236         (JSC::ScopeChainNode::print):
1237         * runtime/ScopeChain.h:
1238         (JSC::ScopeChainNode::~ScopeChainNode):
1239         (JSC::ScopeChainIterator::operator*):
1240         (JSC::ScopeChainIterator::operator->):
1241         (JSC::ScopeChain::top):
1242         * runtime/ScopeChainMark.h:
1243         (JSC::ScopeChain::markAggregate):
1244         * runtime/SmallStrings.cpp:
1245         (JSC::isMarked):
1246         (JSC::SmallStrings::markChildren):
1247         * runtime/SmallStrings.h:
1248         (JSC::SmallStrings::emptyString):
1249         (JSC::SmallStrings::singleCharacterString):
1250         (JSC::SmallStrings::singleCharacterStrings):
1251         * runtime/StringConstructor.cpp:
1252         (JSC::StringConstructor::StringConstructor):
1253         * runtime/StringObject.cpp:
1254         (JSC::StringObject::StringObject):
1255         * runtime/StringObject.h:
1256         * runtime/StringPrototype.cpp:
1257         (JSC::StringPrototype::StringPrototype):
1258         * runtime/Structure.cpp:
1259         (JSC::Structure::Structure):
1260         (JSC::Structure::addPropertyTransition):
1261         (JSC::Structure::toDictionaryTransition):
1262         (JSC::Structure::flattenDictionaryStructure):
1263         * runtime/Structure.h:
1264         (JSC::Structure::storedPrototype):
1265         * runtime/WeakGCMap.h:
1266         (JSC::WeakGCMap::uncheckedGet):
1267         (JSC::WeakGCMap::isValid):
1268         (JSC::::get):
1269         (JSC::::take):
1270         (JSC::::set):
1271         (JSC::::uncheckedRemove):
1272         * runtime/WriteBarrier.h: Removed.
1273
1274 2011-01-30  Simon Fraser  <simon.fraser@apple.com>
1275
1276         Build fix the build fix. I assume Oliver meant m_cell, not m_value.
1277
1278         * runtime/WriteBarrier.h:
1279         (JSC::WriteBarrierBase::clear):
1280
1281 2011-01-30  Oliver Hunt  <oliver@apple.com>
1282
1283         More Qt build fixes
1284
1285         * runtime/WriteBarrier.h:
1286         (JSC::WriteBarrierBase::clear):
1287
1288 2011-01-30  Oliver Hunt  <oliver@apple.com>
1289
1290         Convert markstack to a slot visitor API
1291         https://bugs.webkit.org/show_bug.cgi?id=53219
1292
1293         rolling r77006 and r77020 back in.
1294
1295         * API/JSCallbackObject.h:
1296         (JSC::JSCallbackObjectData::setPrivateProperty):
1297         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
1298         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
1299         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
1300         (JSC::JSCallbackObject::setPrivateProperty):
1301         * API/JSCallbackObjectFunctions.h:
1302         (JSC::::put):
1303         (JSC::::staticFunctionGetter):
1304         * API/JSObjectRef.cpp:
1305         (JSObjectMakeConstructor):
1306         (JSObjectSetPrivateProperty):
1307         * API/JSWeakObjectMapRefInternal.h:
1308         * JavaScriptCore.exp:
1309         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1310         * JavaScriptCore.xcodeproj/project.pbxproj:
1311         * bytecode/CodeBlock.cpp:
1312         (JSC::CodeBlock::markAggregate):
1313         * bytecode/CodeBlock.h:
1314         (JSC::CodeBlock::globalObject):
1315         * bytecompiler/BytecodeGenerator.cpp:
1316         (JSC::BytecodeGenerator::BytecodeGenerator):
1317         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1318         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1319         (JSC::BytecodeGenerator::findScopedProperty):
1320         * debugger/Debugger.cpp:
1321         (JSC::evaluateInGlobalCallFrame):
1322         * debugger/DebuggerActivation.cpp:
1323         (JSC::DebuggerActivation::DebuggerActivation):
1324         (JSC::DebuggerActivation::markChildren):
1325         * debugger/DebuggerActivation.h:
1326         * debugger/DebuggerCallFrame.cpp:
1327         (JSC::DebuggerCallFrame::evaluate):
1328         * interpreter/CallFrame.h:
1329         (JSC::ExecState::exception):
1330         * interpreter/Interpreter.cpp:
1331         (JSC::Interpreter::resolve):
1332         (JSC::Interpreter::resolveSkip):
1333         (JSC::Interpreter::resolveGlobal):
1334         (JSC::Interpreter::resolveGlobalDynamic):
1335         (JSC::Interpreter::resolveBaseAndProperty):
1336         (JSC::Interpreter::unwindCallFrame):
1337         (JSC::appendSourceToError):
1338         (JSC::Interpreter::execute):
1339         (JSC::Interpreter::tryCacheGetByID):
1340         (JSC::Interpreter::privateExecute):
1341         * jit/JITStubs.cpp:
1342         (JSC::JITThunks::tryCacheGetByID):
1343         (JSC::DEFINE_STUB_FUNCTION):
1344         * jsc.cpp:
1345         (GlobalObject::GlobalObject):
1346         * runtime/ArgList.cpp:
1347         (JSC::MarkedArgumentBuffer::markLists):
1348         * runtime/Arguments.cpp:
1349         (JSC::Arguments::markChildren):
1350         (JSC::Arguments::getOwnPropertySlot):
1351         (JSC::Arguments::getOwnPropertyDescriptor):
1352         (JSC::Arguments::put):
1353         * runtime/Arguments.h:
1354         (JSC::Arguments::setActivation):
1355         (JSC::Arguments::Arguments):
1356         * runtime/ArrayConstructor.cpp:
1357         (JSC::ArrayConstructor::ArrayConstructor):
1358         (JSC::constructArrayWithSizeQuirk):
1359         * runtime/ArrayPrototype.cpp:
1360         (JSC::arrayProtoFuncSplice):
1361         * runtime/BatchedTransitionOptimizer.h:
1362         (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
1363         (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
1364         * runtime/BooleanConstructor.cpp:
1365         (JSC::BooleanConstructor::BooleanConstructor):
1366         (JSC::constructBoolean):
1367         (JSC::constructBooleanFromImmediateBoolean):
1368         * runtime/BooleanPrototype.cpp:
1369         (JSC::BooleanPrototype::BooleanPrototype):
1370         * runtime/ConservativeSet.cpp:
1371         (JSC::ConservativeSet::grow):
1372         * runtime/ConservativeSet.h:
1373         (JSC::ConservativeSet::~ConservativeSet):
1374         (JSC::ConservativeSet::mark):
1375         * runtime/DateConstructor.cpp:
1376         (JSC::DateConstructor::DateConstructor):
1377         * runtime/DateInstance.cpp:
1378         (JSC::DateInstance::DateInstance):
1379         * runtime/DatePrototype.cpp:
1380         (JSC::dateProtoFuncSetTime):
1381         (JSC::setNewValueFromTimeArgs):
1382         (JSC::setNewValueFromDateArgs):
1383         (JSC::dateProtoFuncSetYear):
1384         * runtime/ErrorConstructor.cpp:
1385         (JSC::ErrorConstructor::ErrorConstructor):
1386         * runtime/ErrorInstance.cpp:
1387         (JSC::ErrorInstance::ErrorInstance):
1388         * runtime/ErrorPrototype.cpp:
1389         (JSC::ErrorPrototype::ErrorPrototype):
1390         * runtime/FunctionConstructor.cpp:
1391         (JSC::FunctionConstructor::FunctionConstructor):
1392         * runtime/FunctionPrototype.cpp:
1393         (JSC::FunctionPrototype::FunctionPrototype):
1394         * runtime/GetterSetter.cpp:
1395         (JSC::GetterSetter::markChildren):
1396         * runtime/GetterSetter.h:
1397         (JSC::GetterSetter::GetterSetter):
1398         (JSC::GetterSetter::getter):
1399         (JSC::GetterSetter::setGetter):
1400         (JSC::GetterSetter::setter):
1401         (JSC::GetterSetter::setSetter):
1402         * runtime/GlobalEvalFunction.cpp:
1403         (JSC::GlobalEvalFunction::GlobalEvalFunction):
1404         (JSC::GlobalEvalFunction::markChildren):
1405         * runtime/GlobalEvalFunction.h:
1406         (JSC::GlobalEvalFunction::cachedGlobalObject):
1407         * runtime/Heap.cpp:
1408         (JSC::Heap::markProtectedObjects):
1409         (JSC::Heap::markTempSortVectors):
1410         (JSC::Heap::markRoots):
1411         * runtime/InternalFunction.cpp:
1412         (JSC::InternalFunction::InternalFunction):
1413         * runtime/JSAPIValueWrapper.h:
1414         (JSC::JSAPIValueWrapper::value):
1415         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
1416         * runtime/JSActivation.cpp:
1417         (JSC::JSActivation::markChildren):
1418         (JSC::JSActivation::put):
1419         * runtime/JSArray.cpp:
1420         (JSC::JSArray::JSArray):
1421         (JSC::JSArray::getOwnPropertySlot):
1422         (JSC::JSArray::getOwnPropertyDescriptor):
1423         (JSC::JSArray::put):
1424         (JSC::JSArray::putSlowCase):
1425         (JSC::JSArray::deleteProperty):
1426         (JSC::JSArray::increaseVectorLength):
1427         (JSC::JSArray::setLength):
1428         (JSC::JSArray::pop):
1429         (JSC::JSArray::push):
1430         (JSC::JSArray::unshiftCount):
1431         (JSC::JSArray::sort):
1432         (JSC::JSArray::fillArgList):
1433         (JSC::JSArray::copyToRegisters):
1434         (JSC::JSArray::compactForSorting):
1435         * runtime/JSArray.h:
1436         (JSC::JSArray::getIndex):
1437         (JSC::JSArray::setIndex):
1438         (JSC::JSArray::uncheckedSetIndex):
1439         (JSC::JSArray::markChildrenDirect):
1440         * runtime/JSByteArray.cpp:
1441         (JSC::JSByteArray::JSByteArray):
1442         * runtime/JSCell.h:
1443         (JSC::JSCell::MarkStack::append):
1444         (JSC::JSCell::MarkStack::internalAppend):
1445         (JSC::JSCell::MarkStack::deprecatedAppend):
1446         * runtime/JSFunction.cpp:
1447         (JSC::JSFunction::JSFunction):
1448         (JSC::JSFunction::getOwnPropertySlot):
1449         * runtime/JSGlobalData.h:
1450         * runtime/JSGlobalObject.cpp:
1451         (JSC::markIfNeeded):
1452         (JSC::JSGlobalObject::reset):
1453         (JSC::JSGlobalObject::resetPrototype):
1454         (JSC::JSGlobalObject::markChildren):
1455         * runtime/JSGlobalObject.h:
1456         (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
1457         (JSC::JSGlobalObject::regExpConstructor):
1458         (JSC::JSGlobalObject::errorConstructor):
1459         (JSC::JSGlobalObject::evalErrorConstructor):
1460         (JSC::JSGlobalObject::rangeErrorConstructor):
1461         (JSC::JSGlobalObject::referenceErrorConstructor):
1462         (JSC::JSGlobalObject::syntaxErrorConstructor):
1463         (JSC::JSGlobalObject::typeErrorConstructor):
1464         (JSC::JSGlobalObject::URIErrorConstructor):
1465         (JSC::JSGlobalObject::evalFunction):
1466         (JSC::JSGlobalObject::objectPrototype):
1467         (JSC::JSGlobalObject::functionPrototype):
1468         (JSC::JSGlobalObject::arrayPrototype):
1469         (JSC::JSGlobalObject::booleanPrototype):
1470         (JSC::JSGlobalObject::stringPrototype):
1471         (JSC::JSGlobalObject::numberPrototype):
1472         (JSC::JSGlobalObject::datePrototype):
1473         (JSC::JSGlobalObject::regExpPrototype):
1474         (JSC::JSGlobalObject::methodCallDummy):
1475         (JSC::Structure::prototypeForLookup):
1476         (JSC::constructArray):
1477         * runtime/JSONObject.cpp:
1478         (JSC::Stringifier::Holder::object):
1479         (JSC::Stringifier::Holder::objectSlot):
1480         (JSC::Stringifier::markAggregate):
1481         (JSC::Stringifier::stringify):
1482         (JSC::Stringifier::Holder::appendNextProperty):
1483         (JSC::Walker::callReviver):
1484         (JSC::Walker::walk):
1485         * runtime/JSObject.cpp:
1486         (JSC::JSObject::defineGetter):
1487         (JSC::JSObject::defineSetter):
1488         (JSC::JSObject::removeDirect):
1489         (JSC::JSObject::putDirectFunction):
1490         (JSC::JSObject::putDirectFunctionWithoutTransition):
1491         (JSC::putDescriptor):
1492         (JSC::JSObject::defineOwnProperty):
1493         * runtime/JSObject.h:
1494         (JSC::JSObject::getDirectOffset):
1495         (JSC::JSObject::putDirectOffset):
1496         (JSC::JSObject::putUndefinedAtDirectOffset):
1497         (JSC::JSObject::flattenDictionaryObject):
1498         (JSC::JSObject::putDirectInternal):
1499         (JSC::JSObject::putDirect):
1500         (JSC::JSObject::putDirectFunction):
1501         (JSC::JSObject::putDirectWithoutTransition):
1502         (JSC::JSObject::putDirectFunctionWithoutTransition):
1503         (JSC::JSValue::putDirect):
1504         (JSC::JSObject::allocatePropertyStorageInline):
1505         (JSC::JSObject::markChildrenDirect):
1506         * runtime/JSPropertyNameIterator.cpp:
1507         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1508         (JSC::JSPropertyNameIterator::get):
1509         * runtime/JSPropertyNameIterator.h:
1510         * runtime/JSStaticScopeObject.cpp:
1511         (JSC::JSStaticScopeObject::markChildren):
1512         * runtime/JSString.cpp:
1513         (JSC::StringObject::create):
1514         * runtime/JSValue.h:
1515         * runtime/JSWrapperObject.cpp:
1516         (JSC::JSWrapperObject::markChildren):
1517         * runtime/JSWrapperObject.h:
1518         (JSC::JSWrapperObject::internalValue):
1519         (JSC::JSWrapperObject::setInternalValue):
1520         * runtime/LiteralParser.cpp:
1521         (JSC::LiteralParser::parse):
1522         * runtime/Lookup.cpp:
1523         (JSC::setUpStaticFunctionSlot):
1524         * runtime/Lookup.h:
1525         (JSC::lookupPut):
1526         * runtime/MarkStack.h:
1527         (JSC::MarkStack::MarkStack):
1528         (JSC::MarkStack::deprecatedAppendValues):
1529         (JSC::MarkStack::appendValues):
1530         * runtime/MathObject.cpp:
1531         (JSC::MathObject::MathObject):
1532         * runtime/NativeErrorConstructor.cpp:
1533         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1534         * runtime/NativeErrorPrototype.cpp:
1535         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1536         * runtime/NumberConstructor.cpp:
1537         (JSC::NumberConstructor::NumberConstructor):
1538         (JSC::constructWithNumberConstructor):
1539         * runtime/NumberObject.cpp:
1540         (JSC::constructNumber):
1541         * runtime/NumberPrototype.cpp:
1542         (JSC::NumberPrototype::NumberPrototype):
1543         * runtime/ObjectConstructor.cpp:
1544         (JSC::ObjectConstructor::ObjectConstructor):
1545         (JSC::objectConstructorGetOwnPropertyDescriptor):
1546         * runtime/Operations.h:
1547         (JSC::normalizePrototypeChain):
1548         (JSC::resolveBase):
1549         * runtime/PrototypeFunction.cpp:
1550         (JSC::PrototypeFunction::PrototypeFunction):
1551         * runtime/PutPropertySlot.h:
1552         (JSC::PutPropertySlot::setExistingProperty):
1553         (JSC::PutPropertySlot::setNewProperty):
1554         (JSC::PutPropertySlot::base):
1555         * runtime/RegExpConstructor.cpp:
1556         (JSC::RegExpConstructor::RegExpConstructor):
1557         * runtime/ScopeChain.cpp:
1558         (JSC::ScopeChainNode::print):
1559         * runtime/ScopeChain.h:
1560         (JSC::ScopeChainNode::~ScopeChainNode):
1561         (JSC::ScopeChainIterator::operator*):
1562         (JSC::ScopeChainIterator::operator->):
1563         (JSC::ScopeChain::top):
1564         * runtime/ScopeChainMark.h:
1565         (JSC::ScopeChain::markAggregate):
1566         * runtime/SmallStrings.cpp:
1567         (JSC::isMarked):
1568         (JSC::SmallStrings::markChildren):
1569         * runtime/SmallStrings.h:
1570         (JSC::SmallStrings::emptyString):
1571         (JSC::SmallStrings::singleCharacterString):
1572         (JSC::SmallStrings::singleCharacterStrings):
1573         * runtime/StringConstructor.cpp:
1574         (JSC::StringConstructor::StringConstructor):
1575         * runtime/StringObject.cpp:
1576         (JSC::StringObject::StringObject):
1577         * runtime/StringObject.h:
1578         * runtime/StringPrototype.cpp:
1579         (JSC::StringPrototype::StringPrototype):
1580         * runtime/Structure.cpp:
1581         (JSC::Structure::Structure):
1582         (JSC::Structure::addPropertyTransition):
1583         (JSC::Structure::toDictionaryTransition):
1584         (JSC::Structure::flattenDictionaryStructure):
1585         * runtime/Structure.h:
1586         (JSC::Structure::storedPrototype):
1587         (JSC::Structure::storedPrototypeSlot):
1588         * runtime/WeakGCMap.h:
1589         (JSC::WeakGCMap::uncheckedGet):
1590         (JSC::WeakGCMap::uncheckedGetSlot):
1591         (JSC::WeakGCMap::isValid):
1592         (JSC::::get):
1593         (JSC::::take):
1594         (JSC::::set):
1595         (JSC::::uncheckedRemove):
1596         * runtime/WriteBarrier.h: Added.
1597         (JSC::DeprecatedPtr::DeprecatedPtr):
1598         (JSC::DeprecatedPtr::get):
1599         (JSC::DeprecatedPtr::operator*):
1600         (JSC::DeprecatedPtr::operator->):
1601         (JSC::DeprecatedPtr::slot):
1602         (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
1603         (JSC::DeprecatedPtr::operator!):
1604         (JSC::WriteBarrierBase::set):
1605         (JSC::WriteBarrierBase::get):
1606         (JSC::WriteBarrierBase::operator*):
1607         (JSC::WriteBarrierBase::operator->):
1608         (JSC::WriteBarrierBase::slot):
1609         (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
1610         (JSC::WriteBarrierBase::operator!):
1611         (JSC::WriteBarrier::WriteBarrier):
1612         (JSC::operator==):
1613
1614 2011-01-30  Geoffrey Garen  <ggaren@apple.com>
1615
1616         Reviewed by Oliver Hunt.
1617
1618         Filter all Heap collection through a common reset function, in
1619         preparation for adding features triggered by collection.
1620         https://bugs.webkit.org/show_bug.cgi?id=53396
1621         
1622         SunSpider reports no change.
1623
1624         * runtime/Heap.cpp:
1625         (JSC::Heap::reportExtraMemoryCostSlowCase): When we're over the extraCost
1626         limit, just call collectAllGarbage() instead of rolling our own special
1627         way of resetting the heap. In theory, this may be slower in some cases,
1628         but it also fixes cases of pathological heap growth that we've seen,
1629         where the only objects being allocated are temporary and huge
1630         (<rdar://problem/8885843>).
1631
1632         (JSC::Heap::allocate):
1633         (JSC::Heap::collectAllGarbage): Use the shared reset function.
1634
1635         (JSC::Heap::reset):
1636         * runtime/Heap.h: Carved a new shared reset function out of the old
1637         collectAllGarbage.
1638
1639 2011-01-30  Sheriff Bot  <webkit.review.bot@gmail.com>
1640
1641         Unreviewed, rolling out r77025.
1642         http://trac.webkit.org/changeset/77025
1643         https://bugs.webkit.org/show_bug.cgi?id=53401
1644
1645         It made js1_5/Regress/regress-159334.js fail on 64 bit Linux
1646         (Requested by Ossy on #webkit).
1647
1648         * jit/ExecutableAllocatorFixedVMPool.cpp:
1649         (JSC::FreeListEntry::FreeListEntry):
1650         (JSC::AVLTreeAbstractorForFreeList::get_less):
1651         (JSC::AVLTreeAbstractorForFreeList::set_less):
1652         (JSC::AVLTreeAbstractorForFreeList::get_greater):
1653         (JSC::AVLTreeAbstractorForFreeList::set_greater):
1654         (JSC::AVLTreeAbstractorForFreeList::get_balance_factor):
1655         (JSC::AVLTreeAbstractorForFreeList::set_balance_factor):
1656         (JSC::AVLTreeAbstractorForFreeList::null):
1657         (JSC::AVLTreeAbstractorForFreeList::compare_key_key):
1658         (JSC::AVLTreeAbstractorForFreeList::compare_key_node):
1659         (JSC::AVLTreeAbstractorForFreeList::compare_node_node):
1660         (JSC::reverseSortFreeListEntriesByPointer):
1661         (JSC::reverseSortCommonSizedAllocations):
1662         (JSC::FixedVMPoolAllocator::release):
1663         (JSC::FixedVMPoolAllocator::reuse):
1664         (JSC::FixedVMPoolAllocator::addToFreeList):
1665         (JSC::FixedVMPoolAllocator::coalesceFreeSpace):
1666         (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
1667         (JSC::FixedVMPoolAllocator::alloc):
1668         (JSC::FixedVMPoolAllocator::free):
1669         (JSC::FixedVMPoolAllocator::isValid):
1670         (JSC::FixedVMPoolAllocator::allocInternal):
1671         (JSC::FixedVMPoolAllocator::isWithinVMPool):
1672         (JSC::FixedVMPoolAllocator::addToCommittedByteCount):
1673         (JSC::ExecutableAllocator::committedByteCount):
1674         (JSC::maybeModifyVMPoolSize):
1675         (JSC::ExecutableAllocator::isValid):
1676         (JSC::ExecutableAllocator::underMemoryPressure):
1677         (JSC::ExecutablePool::systemAlloc):
1678         (JSC::ExecutablePool::systemRelease):
1679         * wtf/PageReservation.h:
1680         (WTF::PageReservation::PageReservation):
1681         (WTF::PageReservation::commit):
1682         (WTF::PageReservation::decommit):
1683
1684 2011-01-30  Leo Yang  <leo.yang@torchmobile.com.cn>
1685
1686         Reviewed by Daniel Bates.
1687
1688         Code style issue in JavaScriptCore/wtf/CurrentTime.h
1689         https://bugs.webkit.org/show_bug.cgi?id=53394
1690
1691         According to rule #3 at http://webkit.org/coding/coding-style.html,
1692         this patch fixes a style issue in CurrentTime.h.
1693
1694         No functionality change, no new tests.
1695
1696         * wtf/CurrentTime.h:
1697         (WTF::currentTimeMS):
1698         (WTF::getLocalTime):
1699
1700 2011-01-30  Benjamin Poulain  <ikipou@gmail.com>
1701
1702         Reviewed by Kenneth Rohde Christiansen.
1703
1704         [Qt] JavaScriptCore does not link on Mac if building WebKit 2
1705         https://bugs.webkit.org/show_bug.cgi?id=53377
1706
1707         The option "-whole-archive" is not available with the libtool of Mac OS X;
1708         instead, we can use "-all_load" on Mac.
1709
1710         * JavaScriptCore.pri:
1711
1712 2011-01-29  Geoffrey Garen  <ggaren@apple.com>
1713
1714         Sorry Leopard bot -- I committed a change by accident.
1715
1716         * JavaScriptCore.exp: You may have your symbols back now.
1717
1718 2011-01-29  Geoffrey Garen  <ggaren@apple.com>
1719
1720         Reviewed by Cameron Zwarich.
1721
1722         Simplified Heap iteration
1723         https://bugs.webkit.org/show_bug.cgi?id=53393
1724
1725         * runtime/CollectorHeapIterator.h:
1726         (JSC::CollectorHeapIterator::isValid):
1727         (JSC::CollectorHeapIterator::isLive):
1728         (JSC::CollectorHeapIterator::advance): Removed "max" argument to
1729         advance because it's a constant.
1730         (JSC::LiveObjectIterator::LiveObjectIterator):
1731         (JSC::LiveObjectIterator::operator++):
1732         (JSC::DeadObjectIterator::DeadObjectIterator):
1733         (JSC::DeadObjectIterator::operator++):
1734         (JSC::ObjectIterator::ObjectIterator):
1735         (JSC::ObjectIterator::operator++): Factored out common checks into
1736         two helper functions -- isValid() for "Am I past the end?" and isLive()
1737         for "Is the cell I'm pointing to live?".
1738
1739         * runtime/MarkedSpace.cpp:
1740         (JSC::MarkedSpace::freeBlock):
1741         (JSC::MarkedSpace::sweep): Always sweep from the beginning of the heap
1742         to the end, to avoid making sweep subtly reliant on internal Heap state.
1743         (JSC::MarkedSpace::primaryHeapBegin):
1744         (JSC::MarkedSpace::primaryHeapEnd): Always be explicit about where
1745         iteration begins.
1746
1747 2011-01-29  Geoffrey Garen  <ggaren@apple.com>
1748
1749         Reviewed by Cameron Zwarich.
1750
1751         Simplified heap destruction
1752         https://bugs.webkit.org/show_bug.cgi?id=53392
1753
1754         * JavaScriptCore.exp:
1755         * runtime/Heap.cpp:
1756         (JSC::Heap::destroy):
1757         * runtime/Heap.h:
1758         * runtime/MarkedSpace.cpp:
1759         (JSC::MarkedSpace::destroy):
1760         * runtime/MarkedSpace.h: Don't go out of our way to destroy GC-protected
1761         cells last -- the difficult contortions required to do so just don't seem
1762         justified. We make no guarantees about GC protection after the client
1763         throws away JSGlobalData, and it doesn't seem like any meaningful
1764         guarantee is even possible.
1765
1766 2011-01-29  Geoffrey Garen  <ggaren@apple.com>
1767
1768         Reviewed by Maciej Stachowiak.
1769
1770         Switched heap to use the Bitmap class and removed CollectorBitmap
1771         https://bugs.webkit.org/show_bug.cgi?id=53391
1772         
1773         SunSpider says 1.005x as fast. Seems like a fluke.
1774
1775         * runtime/MarkedSpace.cpp:
1776         (JSC::MarkedSpace::allocate): Updated for rename and returning a value
1777         rather than taking a value by reference.
1778
1779         * runtime/MarkedSpace.h: Code reuse is good.
1780
1781         * wtf/Bitmap.h:
1782         (WTF::::testAndSet): Added, since this is the one thing Bitmap was missing
1783         which CollectorBitmap had. (Renamed from the less conventional "getset".)
1784
1785         (WTF::::nextPossiblyUnset): Renamed and changed to return a value for
1786         clarity. It's all the same with inlining.
1787
1788 2011-01-28  Geoffrey Garen  <ggaren@apple.com>
1789
1790         Reviewed by Maciej Stachowiak.
1791
1792         Some more Heap cleanup.
1793         https://bugs.webkit.org/show_bug.cgi?id=53357
1794         
1795         * JavaScriptCore.exp:
1796         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated exported symbols.
1797
1798         * runtime/Heap.cpp:
1799         (JSC::Heap::reportExtraMemoryCostSlowCase): Renamed recordExtraCost to 
1800         reportExtraMemoryCostSlowCase to match our naming conventions.
1801
1802         (JSC::Heap::capacity): Renamed size to capacity because this function
1803         returns the capacity of the heap, including unused portions.
1804
1805         * runtime/Heap.h:
1806         (JSC::Heap::globalData):
1807         (JSC::Heap::markedSpace):
1808         (JSC::Heap::machineStackMarker):
1809         (JSC::Heap::reportExtraMemoryCost): Moved statics to the top of the file.
1810         Moved ctor and dtor to the beginning of the class definition. Grouped
1811         functions by purpose.
1812
1813         * runtime/MarkedSpace.cpp:
1814         (JSC::MarkedSpace::capacity): Renamed size to capacity because this
1815         function returns the capacity of the heap, including unused portions.
1816
1817         * runtime/MarkedSpace.h: Removed statistics and the Statistics class because
1818         the same information can be gotten just by calling size() and capacity().
1819
1820         * runtime/MemoryStatistics.cpp:
1821         * runtime/MemoryStatistics.h: Ditto.
1822
1823 2011-01-29  Daniel Bates  <dbates@rim.com>
1824
1825         Reviewed by Eric Seidel.
1826
1827         Move wince/mt19937ar.c to ThirdParty and make it a policy choice
1828         https://bugs.webkit.org/show_bug.cgi?id=53253
1829
1830         Make inclusion of MT19937 a policy decision.
1831
1832         Currently, we are hardcoded to use MT19937 when building for
1833         Windows CE. Instead, we should make this a policy decision,
1834         with the Windows CE port using this by default.
1835
1836         * JavaScriptCore.pri: Append Source/ThirdParty to the end
1837         of the list of include directories.
1838         * wtf/CMakeLists.txt: Ditto.
1839         * wtf/Platform.h: Defined WTF_USE_MERSENNE_TWISTER_19937 when
1840         building for Windows CE.
1841         * wtf/RandomNumber.cpp:
1842         (WTF::randomNumber): Substituted USE(MERSENNE_TWISTER_19937) for OS(WINCE).
1843
1844 2011-01-29  Cameron Zwarich  <zwarich@apple.com>
1845
1846         Reviewed by David Kilzer.
1847
1848         Bug 53374 - Remove uses of unsafe string functions in debugging code
1849         https://bugs.webkit.org/show_bug.cgi?id=53374
1850
1851         * runtime/RegExp.cpp:
1852         (JSC::RegExp::printTraceData):
1853
1854 2011-01-29  Cameron Zwarich  <zwarich@apple.com>
1855
1856         Reviewed by Oliver Hunt.
1857
1858         JavaScriptCoreUseJIT environment variable broken
1859         https://bugs.webkit.org/show_bug.cgi?id=53372
1860
1861         * runtime/JSGlobalData.cpp:
1862         (JSC::JSGlobalData::JSGlobalData): Check the actual value in the string returned
1863         by getenv() rather than just doing a NULL check on the return value.
1864
1865 2011-01-29  Patrick Gansterer  <paroga@webkit.org>
1866
1867         Reviewed by David Kilzer.
1868
1869         Move CharacterNames.h into WTF directory
1870         https://bugs.webkit.org/show_bug.cgi?id=49618
1871
1872         * GNUmakefile.am:
1873         * JavaScriptCore.gypi:
1874         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1875         * JavaScriptCore.xcodeproj/project.pbxproj:
1876         * wtf/CMakeLists.txt:
1877         * wtf/unicode/CharacterNames.h: Renamed from WebCore/platform/text/CharacterNames.h.
1878         * wtf/unicode/UTF8.cpp:
1879
1880 2011-01-28  Simon Fraser  <simon.fraser@apple.com>
1881
1882         Reviewed by Gavin Barraclough.
1883
1884         Add various clampToInt() methods to MathExtras.h
1885         https://bugs.webkit.org/show_bug.cgi?id=52910
1886         
1887         Add functions for clamping doubles and floats to valid int
1888         ranges, for signed and positive integers.
1889
1890         * wtf/MathExtras.h:
1891         (clampToInteger):
1892         (clampToPositiveInteger):
1893
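        Added example, not WebKit's own MathExtras.h code: one way to write the
        clampToInteger()/clampToPositiveInteger() functions this entry adds,
        with the clamp done before the cast, because converting a double that
        is NaN or outside int range straight to int is undefined behaviour in
        C++. Mapping NaN to 0 is an assumed policy; the entry does not state
        what the WebKit version does with NaN.

```cpp
// Added example (not WebKit's MathExtras.h): clamp a double or float into
// int range before converting it. The cast itself is only well defined once
// the value is known to be in range, so the range check comes first.
#include <cmath>
#include <limits>

// Clamp d into [INT_MIN, INT_MAX] and convert. NaN compares false against
// everything, so a min/max chain would pass it through to the cast; it is
// handled explicitly. Mapping NaN to 0 is an assumption of this example.
inline int clampToInteger(double d)
{
    if (std::isnan(d))
        return 0;
    // Both int bounds are exactly representable as doubles, so comparing in
    // the double domain is exact.
    const double minIntAsDouble = std::numeric_limits<int>::min();
    const double maxIntAsDouble = std::numeric_limits<int>::max();
    if (d <= minIntAsDouble)
        return std::numeric_limits<int>::min();
    if (d >= maxIntAsDouble)
        return std::numeric_limits<int>::max();
    return static_cast<int>(d); // in range: truncation toward zero is defined
}

// Clamp into [0, INT_MAX]. Negative values, -infinity and NaN all become 0.
inline int clampToPositiveInteger(double d)
{
    if (std::isnan(d) || d <= 0)
        return 0;
    const double maxIntAsDouble = std::numeric_limits<int>::max();
    if (d >= maxIntAsDouble)
        return std::numeric_limits<int>::max();
    return static_cast<int>(d);
}

// float overloads widen to double first, which is lossless.
inline int clampToInteger(float f)
{
    return clampToInteger(static_cast<double>(f));
}

inline int clampToPositiveInteger(float f)
{
    return clampToPositiveInteger(static_cast<double>(f));
}
```
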
1894 2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
1895
1896         Unreviewed, rolling out r77006 and r77020.
1897         http://trac.webkit.org/changeset/77006
1898         http://trac.webkit.org/changeset/77020
1899         https://bugs.webkit.org/show_bug.cgi?id=53360
1900
1901         "Broke Windows tests" (Requested by rniwa on #webkit).
1902
1903         * API/JSCallbackObject.h:
1904         (JSC::JSCallbackObjectData::setPrivateProperty):
1905         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
1906         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
1907         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
1908         (JSC::JSCallbackObject::setPrivateProperty):
1909         * API/JSCallbackObjectFunctions.h:
1910         (JSC::::put):
1911         (JSC::::staticFunctionGetter):
1912         * API/JSObjectRef.cpp:
1913         (JSObjectMakeConstructor):
1914         (JSObjectSetPrivateProperty):
1915         * API/JSWeakObjectMapRefInternal.h:
1916         * JavaScriptCore.exp:
1917         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1918         * JavaScriptCore.xcodeproj/project.pbxproj:
1919         * bytecode/CodeBlock.cpp:
1920         (JSC::CodeBlock::markAggregate):
1921         * bytecode/CodeBlock.h:
1922         (JSC::CodeBlock::globalObject):
1923         * bytecompiler/BytecodeGenerator.cpp:
1924         (JSC::BytecodeGenerator::BytecodeGenerator):
1925         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1926         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1927         (JSC::BytecodeGenerator::findScopedProperty):
1928         * debugger/Debugger.cpp:
1929         (JSC::evaluateInGlobalCallFrame):
1930         * debugger/DebuggerActivation.cpp:
1931         (JSC::DebuggerActivation::DebuggerActivation):
1932         (JSC::DebuggerActivation::markChildren):
1933         * debugger/DebuggerActivation.h:
1934         * debugger/DebuggerCallFrame.cpp:
1935         (JSC::DebuggerCallFrame::evaluate):
1936         * interpreter/CallFrame.h:
1937         (JSC::ExecState::exception):
1938         * interpreter/Interpreter.cpp:
1939         (JSC::Interpreter::resolve):
1940         (JSC::Interpreter::resolveSkip):
1941         (JSC::Interpreter::resolveGlobal):
1942         (JSC::Interpreter::resolveGlobalDynamic):
1943         (JSC::Interpreter::resolveBaseAndProperty):
1944         (JSC::Interpreter::unwindCallFrame):
1945         (JSC::appendSourceToError):
1946         (JSC::Interpreter::execute):
1947         (JSC::Interpreter::tryCacheGetByID):
1948         (JSC::Interpreter::privateExecute):
1949         * jit/JITStubs.cpp:
1950         (JSC::JITThunks::tryCacheGetByID):
1951         (JSC::DEFINE_STUB_FUNCTION):
1952         * jsc.cpp:
1953         (GlobalObject::GlobalObject):
1954         * runtime/ArgList.cpp:
1955         (JSC::MarkedArgumentBuffer::markLists):
1956         * runtime/Arguments.cpp:
1957         (JSC::Arguments::markChildren):
1958         (JSC::Arguments::getOwnPropertySlot):
1959         (JSC::Arguments::getOwnPropertyDescriptor):
1960         (JSC::Arguments::put):
1961         * runtime/Arguments.h:
1962         (JSC::Arguments::setActivation):
1963         (JSC::Arguments::Arguments):
1964         * runtime/ArrayConstructor.cpp:
1965         (JSC::ArrayConstructor::ArrayConstructor):
1966         (JSC::constructArrayWithSizeQuirk):
1967         * runtime/ArrayPrototype.cpp:
1968         (JSC::arrayProtoFuncSplice):
1969         * runtime/BatchedTransitionOptimizer.h:
1970         (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
1971         (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
1972         * runtime/BooleanConstructor.cpp:
1973         (JSC::BooleanConstructor::BooleanConstructor):
1974         (JSC::constructBoolean):
1975         (JSC::constructBooleanFromImmediateBoolean):
1976         * runtime/BooleanPrototype.cpp:
1977         (JSC::BooleanPrototype::BooleanPrototype):
1978         * runtime/ConservativeSet.cpp:
1979         (JSC::ConservativeSet::grow):
1980         * runtime/ConservativeSet.h:
1981         (JSC::ConservativeSet::~ConservativeSet):
1982         (JSC::ConservativeSet::mark):
1983         * runtime/DateConstructor.cpp:
1984         (JSC::DateConstructor::DateConstructor):
1985         * runtime/DateInstance.cpp:
1986         (JSC::DateInstance::DateInstance):
1987         * runtime/DatePrototype.cpp:
1988         (JSC::dateProtoFuncSetTime):
1989         (JSC::setNewValueFromTimeArgs):
1990         (JSC::setNewValueFromDateArgs):
1991         (JSC::dateProtoFuncSetYear):
1992         * runtime/ErrorConstructor.cpp:
1993         (JSC::ErrorConstructor::ErrorConstructor):
1994         * runtime/ErrorInstance.cpp:
1995         (JSC::ErrorInstance::ErrorInstance):
1996         * runtime/ErrorPrototype.cpp:
1997         (JSC::ErrorPrototype::ErrorPrototype):
1998         * runtime/FunctionConstructor.cpp:
1999         (JSC::FunctionConstructor::FunctionConstructor):
2000         * runtime/FunctionPrototype.cpp:
2001         (JSC::FunctionPrototype::FunctionPrototype):
2002         * runtime/GetterSetter.cpp:
2003         (JSC::GetterSetter::markChildren):
2004         * runtime/GetterSetter.h:
2005         (JSC::GetterSetter::GetterSetter):
2006         (JSC::GetterSetter::getter):
2007         (JSC::GetterSetter::setGetter):
2008         (JSC::GetterSetter::setter):
2009         (JSC::GetterSetter::setSetter):
2010         * runtime/GlobalEvalFunction.cpp:
2011         (JSC::GlobalEvalFunction::GlobalEvalFunction):
2012         (JSC::GlobalEvalFunction::markChildren):
2013         * runtime/GlobalEvalFunction.h:
2014         (JSC::GlobalEvalFunction::cachedGlobalObject):
2015         * runtime/Heap.cpp:
2016         (JSC::Heap::markProtectedObjects):
2017         (JSC::Heap::markTempSortVectors):
2018         (JSC::Heap::markRoots):
2019         * runtime/InternalFunction.cpp:
2020         (JSC::InternalFunction::InternalFunction):
2021         * runtime/JSAPIValueWrapper.h:
2022         (JSC::JSAPIValueWrapper::value):
2023         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
2024         * runtime/JSActivation.cpp:
2025         (JSC::JSActivation::markChildren):
2026         (JSC::JSActivation::put):
2027         * runtime/JSArray.cpp:
2028         (JSC::JSArray::JSArray):
2029         (JSC::JSArray::getOwnPropertySlot):
2030         (JSC::JSArray::getOwnPropertyDescriptor):
2031         (JSC::JSArray::put):
2032         (JSC::JSArray::putSlowCase):
2033         (JSC::JSArray::deleteProperty):
2034         (JSC::JSArray::increaseVectorLength):
2035         (JSC::JSArray::setLength):
2036         (JSC::JSArray::pop):
2037         (JSC::JSArray::push):
2038         (JSC::JSArray::unshiftCount):
2039         (JSC::JSArray::sort):
2040         (JSC::JSArray::fillArgList):
2041         (JSC::JSArray::copyToRegisters):
2042         (JSC::JSArray::compactForSorting):
2043         * runtime/JSArray.h:
2044         (JSC::JSArray::getIndex):
2045         (JSC::JSArray::setIndex):
2046         (JSC::JSArray::uncheckedSetIndex):
2047         (JSC::JSArray::markChildrenDirect):
2048         * runtime/JSByteArray.cpp:
2049         (JSC::JSByteArray::JSByteArray):
2050         * runtime/JSCell.h:
2051         (JSC::JSCell::JSValue::toThisObject):
2052         (JSC::JSCell::MarkStack::append):
2053         * runtime/JSFunction.cpp:
2054         (JSC::JSFunction::JSFunction):
2055         (JSC::JSFunction::getOwnPropertySlot):
2056         * runtime/JSGlobalData.h:
2057         * runtime/JSGlobalObject.cpp:
2058         (JSC::markIfNeeded):
2059         (JSC::JSGlobalObject::reset):
2060         (JSC::JSGlobalObject::resetPrototype):
2061         (JSC::JSGlobalObject::markChildren):
2062         * runtime/JSGlobalObject.h:
2063         (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
2064         (JSC::JSGlobalObject::regExpConstructor):
2065         (JSC::JSGlobalObject::errorConstructor):
2066         (JSC::JSGlobalObject::evalErrorConstructor):
2067         (JSC::JSGlobalObject::rangeErrorConstructor):
2068         (JSC::JSGlobalObject::referenceErrorConstructor):
2069         (JSC::JSGlobalObject::syntaxErrorConstructor):
2070         (JSC::JSGlobalObject::typeErrorConstructor):
2071         (JSC::JSGlobalObject::URIErrorConstructor):
2072         (JSC::JSGlobalObject::evalFunction):
2073         (JSC::JSGlobalObject::objectPrototype):
2074         (JSC::JSGlobalObject::functionPrototype):
2075         (JSC::JSGlobalObject::arrayPrototype):
2076         (JSC::JSGlobalObject::booleanPrototype):
2077         (JSC::JSGlobalObject::stringPrototype):
2078         (JSC::JSGlobalObject::numberPrototype):
2079         (JSC::JSGlobalObject::datePrototype):
2080         (JSC::JSGlobalObject::regExpPrototype):
2081         (JSC::JSGlobalObject::methodCallDummy):
2082         (JSC::Structure::prototypeForLookup):
2083         (JSC::constructArray):
2084         * runtime/JSONObject.cpp:
2085         (JSC::Stringifier::Holder::object):
2086         (JSC::Stringifier::markAggregate):
2087         (JSC::Stringifier::stringify):
2088         (JSC::Stringifier::Holder::appendNextProperty):
2089         (JSC::Walker::callReviver):
2090         (JSC::Walker::walk):
2091         * runtime/JSObject.cpp:
2092         (JSC::JSObject::defineGetter):
2093         (JSC::JSObject::defineSetter):
2094         (JSC::JSObject::removeDirect):
2095         (JSC::JSObject::putDirectFunction):
2096         (JSC::JSObject::putDirectFunctionWithoutTransition):
2097         (JSC::putDescriptor):
2098         (JSC::JSObject::defineOwnProperty):
2099         * runtime/JSObject.h:
2100         (JSC::JSObject::getDirectOffset):
2101         (JSC::JSObject::putDirectOffset):
2102         (JSC::JSObject::flattenDictionaryObject):
2103         (JSC::JSObject::putDirectInternal):
2104         (JSC::JSObject::putDirect):
2105         (JSC::JSObject::putDirectFunction):
2106         (JSC::JSObject::putDirectWithoutTransition):
2107         (JSC::JSObject::putDirectFunctionWithoutTransition):
2108         (JSC::JSValue::putDirect):
2109         (JSC::JSObject::allocatePropertyStorageInline):
2110         (JSC::JSObject::markChildrenDirect):
2111         * runtime/JSPropertyNameIterator.cpp:
2112         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
2113         (JSC::JSPropertyNameIterator::get):
2114         * runtime/JSPropertyNameIterator.h:
2115         * runtime/JSStaticScopeObject.cpp:
2116         (JSC::JSStaticScopeObject::markChildren):
2117         * runtime/JSString.cpp:
2118         (JSC::StringObject::create):
2119         * runtime/JSValue.h:
2120         * runtime/JSWrapperObject.cpp:
2121         (JSC::JSWrapperObject::markChildren):
2122         * runtime/JSWrapperObject.h:
2123         (JSC::JSWrapperObject::internalValue):
2124         (JSC::JSWrapperObject::setInternalValue):
2125         * runtime/LiteralParser.cpp:
2126         (JSC::LiteralParser::parse):
2127         * runtime/Lookup.cpp:
2128         (JSC::setUpStaticFunctionSlot):
2129         * runtime/Lookup.h:
2130         (JSC::lookupPut):
2131         * runtime/MarkStack.h:
2132         (JSC::MarkStack::appendValues):
2133         * runtime/MathObject.cpp:
2134         (JSC::MathObject::MathObject):
2135         * runtime/NativeErrorConstructor.cpp:
2136         (JSC::NativeErrorConstructor::NativeErrorConstructor):
2137         * runtime/NativeErrorPrototype.cpp:
2138         (JSC::NativeErrorPrototype::NativeErrorPrototype):
2139         * runtime/NumberConstructor.cpp:
2140         (JSC::NumberConstructor::NumberConstructor):
2141         (JSC::constructWithNumberConstructor):
2142         * runtime/NumberObject.cpp:
2143         (JSC::constructNumber):
2144         * runtime/NumberPrototype.cpp:
2145         (JSC::NumberPrototype::NumberPrototype):
2146         * runtime/ObjectConstructor.cpp:
2147         (JSC::ObjectConstructor::ObjectConstructor):
2148         (JSC::objectConstructorGetOwnPropertyDescriptor):
2149         * runtime/Operations.h:
2150         (JSC::normalizePrototypeChain):
2151         (JSC::resolveBase):
2152         * runtime/PrototypeFunction.cpp:
2153         (JSC::PrototypeFunction::PrototypeFunction):
2154         * runtime/PutPropertySlot.h:
2155         (JSC::PutPropertySlot::setExistingProperty):
2156         (JSC::PutPropertySlot::setNewProperty):
2157         (JSC::PutPropertySlot::base):
2158         * runtime/RegExpConstructor.cpp:
2159         (JSC::RegExpConstructor::RegExpConstructor):
2160         * runtime/ScopeChain.cpp:
2161         (JSC::ScopeChainNode::print):
2162         * runtime/ScopeChain.h:
2163         (JSC::ScopeChainNode::~ScopeChainNode):
2164         (JSC::ScopeChainIterator::operator*):
2165         (JSC::ScopeChainIterator::operator->):
2166         (JSC::ScopeChain::top):
2167         * runtime/ScopeChainMark.h:
2168         (JSC::ScopeChain::markAggregate):
2169         * runtime/SmallStrings.cpp:
2170         (JSC::isMarked):
2171         (JSC::SmallStrings::markChildren):
2172         * runtime/SmallStrings.h:
2173         (JSC::SmallStrings::emptyString):
2174         (JSC::SmallStrings::singleCharacterString):
2175         (JSC::SmallStrings::singleCharacterStrings):
2176         * runtime/StringConstructor.cpp:
2177         (JSC::StringConstructor::StringConstructor):
2178         * runtime/StringObject.cpp:
2179         (JSC::StringObject::StringObject):
2180         * runtime/StringObject.h:
2181         * runtime/StringPrototype.cpp:
2182         (JSC::StringPrototype::StringPrototype):
2183         * runtime/Structure.cpp:
2184         (JSC::Structure::Structure):
2185         (JSC::Structure::addPropertyTransition):
2186         (JSC::Structure::toDictionaryTransition):
2187         (JSC::Structure::flattenDictionaryStructure):
2188         * runtime/Structure.h:
2189         (JSC::Structure::storedPrototype):
2190         * runtime/WeakGCMap.h:
2191         (JSC::WeakGCMap::uncheckedGet):
2192         (JSC::WeakGCMap::isValid):
2193         (JSC::::get):
2194         (JSC::::take):
2195         (JSC::::set):
2196         (JSC::::uncheckedRemove):
2197         * runtime/WriteBarrier.h: Removed.
2198
2199 2011-01-28  Gavin Barraclough  <barraclough@apple.com>
2200
2201         Reviewed by Geoff Garen.
2202
2203         https://bugs.webkit.org/show_bug.cgi?id=53352
2204         Heavy external fragmentation in FixedVMPoolAllocator can lead to a CRASH().
2205
2206         The FixedVMPoolAllocator currently uses a best fit policy -
2207         switch to first fit, which is less prone to external fragmentation.
2208
2209         * jit/ExecutableAllocatorFixedVMPool.cpp:
2210         (JSC::AllocationTableSizeClass::AllocationTableSizeClass):
2211         (JSC::AllocationTableSizeClass::blockSize):
2212         (JSC::AllocationTableSizeClass::blockCount):
2213         (JSC::AllocationTableSizeClass::blockAlignment):
2214         (JSC::AllocationTableSizeClass::size):
2215         (JSC::AllocationTableLeaf::AllocationTableLeaf):
2216         (JSC::AllocationTableLeaf::~AllocationTableLeaf):
2217         (JSC::AllocationTableLeaf::allocate):
2218         (JSC::AllocationTableLeaf::free):
2219         (JSC::AllocationTableLeaf::isEmpty):
2220         (JSC::AllocationTableLeaf::isFull):
2221         (JSC::AllocationTableLeaf::size):
2222         (JSC::AllocationTableLeaf::classForSize):
2223         (JSC::AllocationTableLeaf::dump):
2224         (JSC::LazyAllocationTable::LazyAllocationTable):
2225         (JSC::LazyAllocationTable::~LazyAllocationTable):
2226         (JSC::LazyAllocationTable::allocate):
2227         (JSC::LazyAllocationTable::free):
2228         (JSC::LazyAllocationTable::isEmpty):
2229         (JSC::LazyAllocationTable::isFull):
2230         (JSC::LazyAllocationTable::size):
2231         (JSC::LazyAllocationTable::dump):
2232         (JSC::LazyAllocationTable::classForSize):
2233         (JSC::AllocationTableDirectory::AllocationTableDirectory):
2234         (JSC::AllocationTableDirectory::~AllocationTableDirectory):
2235         (JSC::AllocationTableDirectory::allocate):
2236         (JSC::AllocationTableDirectory::free):
2237         (JSC::AllocationTableDirectory::isEmpty):
2238         (JSC::AllocationTableDirectory::isFull):
2239         (JSC::AllocationTableDirectory::size):
2240         (JSC::AllocationTableDirectory::classForSize):
2241         (JSC::AllocationTableDirectory::dump):
2242         (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
2243         (JSC::FixedVMPoolAllocator::alloc):
2244         (JSC::FixedVMPoolAllocator::free):
2245         (JSC::FixedVMPoolAllocator::allocated):
2246         (JSC::FixedVMPoolAllocator::isValid):
2247         (JSC::FixedVMPoolAllocator::classForSize):
2248         (JSC::FixedVMPoolAllocator::offsetToPointer):
2249         (JSC::FixedVMPoolAllocator::pointerToOffset):
2250         (JSC::ExecutableAllocator::committedByteCount):
2251         (JSC::ExecutableAllocator::isValid):
2252         (JSC::ExecutableAllocator::underMemoryPressure):
2253         (JSC::ExecutablePool::systemAlloc):
2254         (JSC::ExecutablePool::systemRelease):
2255         * wtf/PageReservation.h:
2256         (WTF::PageReservation::PageReservation):
2257         (WTF::PageReservation::commit):
2258         (WTF::PageReservation::decommit):
2259         (WTF::PageReservation::committed):
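
The entry above switches FixedVMPoolAllocator from best fit to first fit because of external fragmentation. The following is an added example, not JavaScriptCore code: a toy allocator over a fixed byte range (`ToyPoolAllocator`, `Policy`, `runWorkload` and `Outcome` are this example's own names) that can place requests either way, driven by a constructed workload in which best fit leaves a two-byte sliver and then fails a 21-byte request that first fit still satisfies, even though best fit has more bytes free in total. The real allocator's size-class tables listed above are not modelled, and the workload is chosen to show this failure mode; other workloads can favour best fit.

```cpp
// Added example, not JavaScriptCore code: a toy allocator over a fixed byte range
// that can place requests best-fit or first-fit, driven by a constructed workload
// in which best-fit leaves a sliver and then fails a request that first-fit can
// still satisfy, even though best-fit has more bytes free in total.
#include <algorithm>
#include <cstddef>
#include <iterator>
#include <map>

enum class Policy { BestFit, FirstFit };

class ToyPoolAllocator {
public:
    ToyPoolAllocator(size_t poolSize, Policy policy) : m_policy(policy) {
        m_free[0] = poolSize;  // one free run spanning the whole pool
    }

    // Returns the offset of the new block, or -1 when no free run is large enough.
    long alloc(size_t size) {
        auto chosen = m_free.end();
        for (auto it = m_free.begin(); it != m_free.end(); ++it) {
            if (it->second < size) continue;
            if (m_policy == Policy::FirstFit) { chosen = it; break; }  // lowest address that fits
            if (chosen == m_free.end() || it->second < chosen->second) chosen = it;  // smallest run that fits
        }
        if (chosen == m_free.end()) return -1;
        size_t offset = chosen->first;
        size_t leftover = chosen->second - size;
        m_free.erase(chosen);
        if (leftover) m_free[offset + size] = leftover;  // unused tail goes back on the free list
        m_allocated[offset] = size;
        return static_cast<long>(offset);
    }

    // Returns a block to the free list and merges it with adjacent free runs.
    void release(long offset) {
        if (offset < 0) return;
        auto block = m_allocated.find(static_cast<size_t>(offset));
        if (block == m_allocated.end()) return;
        auto run = m_free.emplace(block->first, block->second).first;
        m_allocated.erase(block);
        auto next = std::next(run);
        if (next != m_free.end() && run->first + run->second == next->first) {
            run->second += next->second;
            m_free.erase(next);
        }
        if (run != m_free.begin()) {
            auto prev = std::prev(run);
            if (prev->first + prev->second == run->first) {
                prev->second += run->second;
                m_free.erase(run);
            }
        }
    }

    size_t totalFree() const {
        size_t total = 0;
        for (const auto& run : m_free) total += run.second;
        return total;
    }
    size_t largestFreeRun() const {
        size_t largest = 0;
        for (const auto& run : m_free) largest = std::max(largest, run.second);
        return largest;
    }

private:
    Policy m_policy;
    std::map<size_t, size_t> m_free;       // offset -> length, ordered by address
    std::map<size_t, size_t> m_allocated;  // offset -> length
};

struct Outcome {
    long thirdOffset;       // -1 when the last request could not be placed
    size_t totalFree;
    size_t largestFreeRun;
};

// Constructed workload: an 82-byte pool with a 20-byte block pinned in the middle
// leaves free runs of 40 and 22 bytes; requests of 20, 20 and 21 bytes follow.
Outcome runWorkload(Policy policy) {
    ToyPoolAllocator pool(82, policy);
    long a = pool.alloc(40);
    pool.alloc(20);
    long c = pool.alloc(22);
    pool.release(a);
    pool.release(c);
    pool.alloc(20);
    pool.alloc(20);
    Outcome outcome;
    outcome.thirdOffset = pool.alloc(21);
    outcome.totalFree = pool.totalFree();
    outcome.largestFreeRun = pool.largestFreeRun();
    return outcome;
}
```

Under best fit the first 20-byte request goes into the 22-byte run (the smallest that fits), leaving a 2-byte sliver; the second takes half of the 40-byte run; the 21-byte request then fails with 22 bytes free but no run larger than 20. Under first fit both 20-byte requests consume the 40-byte run and the 21-byte request lands in the 22-byte run. A failed allocation despite free space is exactly the condition the entry says led to a CRASH().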
2260
2261 2011-01-27  Oliver Hunt  <oliver@apple.com>
2262
2263         Reviewed by Geoffrey Garen.
2264
2265         Convert markstack to a slot visitor API
2266         https://bugs.webkit.org/show_bug.cgi?id=53219
2267
2268         Move the MarkStack over to a slot based marking API.
2269
2270         In order to avoid aliasing concerns there are two new types
2271         that need to be used when holding on to JSValues and JSCells that
2272         need to be marked: WriteBarrier and DeprecatedPtr.  WriteBarrier
2273         is expected to be used for any JSValue or Cell whose lifetime and
2274         marking are controlled by another GC object.  DeprecatedPtr is used
2275         for any value that we need to rework ownership for.
2276
2277         The change over to this model has produced a large amount of
2278         code changes, but they are mostly mechanical (forwarding JSGlobalData,
2279         etc).
2280
2281         * API/JSCallbackObject.h:
2282         (JSC::JSCallbackObjectData::setPrivateProperty):
2283         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
2284         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
2285         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
2286         (JSC::JSCallbackObject::setPrivateProperty):
2287         * API/JSCallbackObjectFunctions.h:
2288         (JSC::::put):
2289         (JSC::::staticFunctionGetter):
2290         * API/JSObjectRef.cpp:
2291         (JSObjectMakeConstructor):
2292         (JSObjectSetPrivateProperty):
2293         * API/JSWeakObjectMapRefInternal.h:
2294         * JavaScriptCore.exp:
2295         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2296         * JavaScriptCore.xcodeproj/project.pbxproj:
2297         * bytecode/CodeBlock.cpp:
2298         (JSC::CodeBlock::markAggregate):
2299         * bytecode/CodeBlock.h:
2300         (JSC::CodeBlock::globalObject):
2301         * bytecompiler/BytecodeGenerator.cpp:
2302         (JSC::BytecodeGenerator::BytecodeGenerator):
2303         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
2304         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
2305         (JSC::BytecodeGenerator::findScopedProperty):
2306         * debugger/DebuggerActivation.cpp:
2307         (JSC::DebuggerActivation::DebuggerActivation):
2308         (JSC::DebuggerActivation::markChildren):
2309         * debugger/DebuggerActivation.h:
2310         * interpreter/Interpreter.cpp:
2311         (JSC::Interpreter::resolve):
2312         (JSC::Interpreter::resolveSkip):
2313         (JSC::Interpreter::resolveGlobalDynamic):
2314         (JSC::Interpreter::resolveBaseAndProperty):
2315         (JSC::Interpreter::unwindCallFrame):
2316         (JSC::appendSourceToError):
2317         (JSC::Interpreter::execute):
2318         (JSC::Interpreter::privateExecute):
2319         * interpreter/Register.h:
2320         (JSC::Register::jsValueSlot):
2321         * jit/JITStubs.cpp:
2322         (JSC::JITThunks::tryCacheGetByID):
2323         (JSC::DEFINE_STUB_FUNCTION):
2324         * jsc.cpp:
2325         (GlobalObject::GlobalObject):
2326         * runtime/Arguments.cpp:
2327         (JSC::Arguments::markChildren):
2328         (JSC::Arguments::getOwnPropertySlot):
2329         (JSC::Arguments::getOwnPropertyDescriptor):
2330         (JSC::Arguments::put):
2331         * runtime/Arguments.h:
2332         (JSC::Arguments::setActivation):
2333         (JSC::Arguments::Arguments):
2334         * runtime/ArrayConstructor.cpp:
2335         (JSC::ArrayConstructor::ArrayConstructor):
2336         (JSC::constructArrayWithSizeQuirk):
2337         * runtime/ArrayPrototype.cpp:
2338         (JSC::arrayProtoFuncSplice):
2339         * runtime/BatchedTransitionOptimizer.h:
2340         (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
2341         (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
2342         * runtime/BooleanConstructor.cpp:
2343         (JSC::BooleanConstructor::BooleanConstructor):
2344         (JSC::constructBoolean):
2345         (JSC::constructBooleanFromImmediateBoolean):
2346         * runtime/BooleanPrototype.cpp:
2347         (JSC::BooleanPrototype::BooleanPrototype):
2348         * runtime/ConservativeSet.h:
2349         (JSC::ConservativeSet::mark):
2350         * runtime/DateConstructor.cpp:
2351         (JSC::DateConstructor::DateConstructor):
2352         * runtime/DateInstance.cpp:
2353         (JSC::DateInstance::DateInstance):
2354         * runtime/DatePrototype.cpp:
2355         (JSC::dateProtoFuncSetTime):
2356         (JSC::setNewValueFromTimeArgs):
2357         (JSC::setNewValueFromDateArgs):
2358         (JSC::dateProtoFuncSetYear):
2359         * runtime/ErrorConstructor.cpp:
2360         (JSC::ErrorConstructor::ErrorConstructor):
2361         * runtime/ErrorInstance.cpp:
2362         (JSC::ErrorInstance::ErrorInstance):
2363         * runtime/ErrorPrototype.cpp:
2364         (JSC::ErrorPrototype::ErrorPrototype):
2365         * runtime/FunctionConstructor.cpp:
2366         (JSC::FunctionConstructor::FunctionConstructor):
2367         * runtime/FunctionPrototype.cpp:
2368         (JSC::FunctionPrototype::FunctionPrototype):
2369         * runtime/GetterSetter.cpp:
2370         (JSC::GetterSetter::markChildren):
2371         * runtime/GetterSetter.h:
2372         (JSC::GetterSetter::GetterSetter):
2373         (JSC::GetterSetter::getter):
2374         (JSC::GetterSetter::setGetter):
2375         (JSC::GetterSetter::setter):
2376         (JSC::GetterSetter::setSetter):
2377         * runtime/GlobalEvalFunction.cpp:
2378         (JSC::GlobalEvalFunction::GlobalEvalFunction):
2379         (JSC::GlobalEvalFunction::markChildren):
2380         * runtime/GlobalEvalFunction.h:
2381         (JSC::GlobalEvalFunction::cachedGlobalObject):
2382         * runtime/Heap.cpp:
2383         (JSC::Heap::markProtectedObjects):
2384         (JSC::Heap::markTempSortVectors):
2385         (JSC::Heap::markRoots):
2386         * runtime/InternalFunction.cpp:
2387         (JSC::InternalFunction::InternalFunction):
2388         * runtime/JSAPIValueWrapper.h:
2389         (JSC::JSAPIValueWrapper::value):
2390         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
2391         * runtime/JSActivation.cpp:
2392         (JSC::JSActivation::put):
2393         * runtime/JSArray.cpp:
2394         (JSC::JSArray::JSArray):
2395         (JSC::JSArray::getOwnPropertySlot):
2396         (JSC::JSArray::getOwnPropertyDescriptor):
2397         (JSC::JSArray::put):
2398         (JSC::JSArray::putSlowCase):
2399         (JSC::JSArray::deleteProperty):
2400         (JSC::JSArray::increaseVectorLength):
2401         (JSC::JSArray::setLength):
2402         (JSC::JSArray::pop):
2403         (JSC::JSArray::push):
2404         (JSC::JSArray::unshiftCount):
2405         (JSC::JSArray::sort):
2406         (JSC::JSArray::fillArgList):
2407         (JSC::JSArray::copyToRegisters):
2408         (JSC::JSArray::compactForSorting):
2409         * runtime/JSArray.h:
2410         (JSC::JSArray::getIndex):
2411         (JSC::JSArray::setIndex):
2412         (JSC::JSArray::uncheckedSetIndex):
2413         (JSC::JSArray::markChildrenDirect):
2414         * runtime/JSByteArray.cpp:
2415         (JSC::JSByteArray::JSByteArray):
2416         * runtime/JSCell.h:
2417         (JSC::JSCell::MarkStack::append):
2418         (JSC::JSCell::MarkStack::appendCell):
2419         * runtime/JSFunction.cpp:
2420         (JSC::JSFunction::JSFunction):
2421         (JSC::JSFunction::getOwnPropertySlot):
2422         * runtime/JSGlobalObject.cpp:
2423         (JSC::markIfNeeded):
2424         (JSC::JSGlobalObject::reset):
2425         (JSC::JSGlobalObject::resetPrototype):
2426         (JSC::JSGlobalObject::markChildren):
2427         * runtime/JSGlobalObject.h:
2428         (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
2429         (JSC::JSGlobalObject::regExpConstructor):
2430         (JSC::JSGlobalObject::errorConstructor):
2431         (JSC::JSGlobalObject::evalErrorConstructor):
2432         (JSC::JSGlobalObject::rangeErrorConstructor):
2433         (JSC::JSGlobalObject::referenceErrorConstructor):
2434         (JSC::JSGlobalObject::syntaxErrorConstructor):
2435         (JSC::JSGlobalObject::typeErrorConstructor):
2436         (JSC::JSGlobalObject::URIErrorConstructor):
2437         (JSC::JSGlobalObject::evalFunction):
2438         (JSC::JSGlobalObject::objectPrototype):
2439         (JSC::JSGlobalObject::functionPrototype):
2440         (JSC::JSGlobalObject::arrayPrototype):
2441         (JSC::JSGlobalObject::booleanPrototype):
2442         (JSC::JSGlobalObject::stringPrototype):
2443         (JSC::JSGlobalObject::numberPrototype):
2444         (JSC::JSGlobalObject::datePrototype):
2445         (JSC::JSGlobalObject::regExpPrototype):
2446         (JSC::JSGlobalObject::methodCallDummy):
2447         (JSC::constructArray):
2448         * runtime/JSONObject.cpp:
2449         (JSC::Stringifier::Holder::object):
2450         (JSC::Stringifier::Holder::objectSlot):
2451         (JSC::Stringifier::markAggregate):
2452         (JSC::Stringifier::stringify):
2453         (JSC::Stringifier::Holder::appendNextProperty):
2454         (JSC::Walker::callReviver):
2455         (JSC::Walker::walk):
2456         * runtime/JSObject.cpp:
2457         (JSC::JSObject::defineGetter):
2458         (JSC::JSObject::defineSetter):
2459         (JSC::JSObject::removeDirect):
2460         (JSC::JSObject::putDirectFunction):
2461         (JSC::JSObject::putDirectFunctionWithoutTransition):
2462         (JSC::putDescriptor):
2463         (JSC::JSObject::defineOwnProperty):
2464         * runtime/JSObject.h:
2465         (JSC::JSObject::putDirectOffset):
2466         (JSC::JSObject::putUndefinedAtDirectOffset):
2467         (JSC::JSObject::flattenDictionaryObject):
2468         (JSC::JSObject::putDirectInternal):
2469         (JSC::JSObject::putDirect):
2470         (JSC::JSObject::putDirectFunction):
2471         (JSC::JSObject::putDirectWithoutTransition):
2472         (JSC::JSObject::putDirectFunctionWithoutTransition):
2473         (JSC::JSValue::putDirect):
2474         (JSC::JSObject::allocatePropertyStorageInline):
2475         (JSC::JSObject::markChildrenDirect):
2476         * runtime/JSStaticScopeObject.cpp:
2477         (JSC::JSStaticScopeObject::markChildren):
2478         * runtime/JSString.cpp:
2479         (JSC::StringObject::create):
2480         * runtime/JSValue.h:
2481         * runtime/JSWrapperObject.cpp:
2482         (JSC::JSWrapperObject::markChildren):
2483         * runtime/JSWrapperObject.h:
2484         (JSC::JSWrapperObject::internalValue):
2485         (JSC::JSWrapperObject::setInternalValue):
2486         * runtime/LiteralParser.cpp:
2487         (JSC::LiteralParser::parse):
2488         * runtime/Lookup.cpp:
2489         (JSC::setUpStaticFunctionSlot):
2490         * runtime/Lookup.h:
2491         (JSC::lookupPut):
2492         * runtime/MarkStack.h:
2493         * runtime/MathObject.cpp:
2494         (JSC::MathObject::MathObject):
2495         * runtime/NativeErrorConstructor.cpp:
2496         (JSC::NativeErrorConstructor::NativeErrorConstructor):
2497         * runtime/NativeErrorPrototype.cpp:
2498         (JSC::NativeErrorPrototype::NativeErrorPrototype):
2499         * runtime/NumberConstructor.cpp:
2500         (JSC::NumberConstructor::NumberConstructor):
2501         (JSC::constructWithNumberConstructor):
2502         * runtime/NumberObject.cpp:
2503         (JSC::constructNumber):
2504         * runtime/NumberPrototype.cpp:
2505         (JSC::NumberPrototype::NumberPrototype):
2506         * runtime/ObjectConstructor.cpp:
2507         (JSC::ObjectConstructor::ObjectConstructor):
2508         (JSC::objectConstructorGetOwnPropertyDescriptor):
2509         * runtime/Operations.h:
2510         (JSC::normalizePrototypeChain):
2511         (JSC::resolveBase):
2512         * runtime/PrototypeFunction.cpp:
2513         (JSC::PrototypeFunction::PrototypeFunction):
2514         * runtime/PutPropertySlot.h:
2515         (JSC::PutPropertySlot::setExistingProperty):
2516         (JSC::PutPropertySlot::setNewProperty):
2517         (JSC::PutPropertySlot::base):
2518         * runtime/RegExpConstructor.cpp:
2519         (JSC::RegExpConstructor::RegExpConstructor):
2520         * runtime/ScopeChain.cpp:
2521         (JSC::ScopeChainNode::print):
2522         * runtime/ScopeChain.h:
2523         (JSC::ScopeChainNode::~ScopeChainNode):
2524         (JSC::ScopeChainIterator::operator*):
2525         (JSC::ScopeChainIterator::operator->):
2526         (JSC::ScopeChain::top):
2527         * runtime/ScopeChainMark.h:
2528         (JSC::ScopeChain::markAggregate):
2529         * runtime/SmallStrings.cpp:
2530         (JSC::isMarked):
2531         (JSC::SmallStrings::markChildren):
2532         * runtime/SmallStrings.h:
2533         (JSC::SmallStrings::emptyString):
2534         (JSC::SmallStrings::singleCharacterString):
2535         (JSC::SmallStrings::singleCharacterStrings):
2536         * runtime/StringConstructor.cpp:
2537         (JSC::StringConstructor::StringConstructor):
2538         * runtime/StringObject.cpp:
2539         (JSC::StringObject::StringObject):
2540         * runtime/StringObject.h:
2541         * runtime/StringPrototype.cpp:
2542         (JSC::StringPrototype::StringPrototype):
2543         * runtime/Structure.cpp:
2544         (JSC::Structure::flattenDictionaryStructure):
2545         * runtime/Structure.h:
2546         (JSC::Structure::storedPrototypeSlot):
2547         * runtime/WeakGCMap.h:
2548         (JSC::WeakGCMap::uncheckedGet):
2549         (JSC::WeakGCMap::uncheckedGetSlot):
2550         (JSC::::get):
2551         (JSC::::take):
2552         (JSC::::set):
2553         (JSC::::uncheckedRemove):
2554         * runtime/WriteBarrier.h: Added.
2555         (JSC::DeprecatedPtr::DeprecatedPtr):
2556         (JSC::DeprecatedPtr::get):
2557         (JSC::DeprecatedPtr::operator*):
2558         (JSC::DeprecatedPtr::operator->):
2559         (JSC::DeprecatedPtr::slot):
2560         (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
2561         (JSC::DeprecatedPtr::operator!):
2562         (JSC::WriteBarrierBase::set):
2563         (JSC::WriteBarrierBase::get):
2564         (JSC::WriteBarrierBase::operator*):
2565         (JSC::WriteBarrierBase::operator->):
2566         (JSC::WriteBarrierBase::slot):
2567         (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
2568         (JSC::WriteBarrierBase::operator!):
2569         (JSC::WriteBarrier::WriteBarrier):
2570         (JSC::operator==):
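
The entry above moves MarkStack to a slot-based marking API, with WriteBarrier as the typed holder for a reference whose marking is controlled by another GC object. The following is an added example, not JavaScriptCore code, sketching that shape in miniature: the collector is handed the address of each reference slot (`Cell**`) rather than a copy of its value, a `WriteBarrier<T>` wrapper is the only way a cell stores a reference and exposes that slot, and a second cell type keeps a raw pointer the visitor never sees, which is left dangling after a collection. `Cell`, `Heap`, `Node`, `HiddenRefNode`, `Result` and the two scenario functions are this example's own names; `SlotVisitor` and `WriteBarrier` are borrowed from the entry as labels only, and the real classes differ.

```cpp
// Added example, not JavaScriptCore code: a miniature mark-and-sweep heap whose
// visitor is handed the address of each reference slot (Cell**), a WriteBarrier
// wrapper as the typed way to keep a reference inside a cell, and a cell type
// holding a raw pointer the visitor never sees, which dangles after collection.
#include <algorithm>
#include <cstddef>
#include <memory>
#include <vector>

class SlotVisitor;

struct Cell {
    bool marked = false;
    virtual ~Cell() = default;
    virtual void markChildren(SlotVisitor&) {}  // default: no outgoing references
};

class SlotVisitor {
public:
    // Record where a reference lives; its value is read only when the stack is drained.
    void append(Cell** slot) { if (*slot) m_stack.push_back(slot); }
    void drain() {
        while (!m_stack.empty()) {
            Cell** slot = m_stack.back();
            m_stack.pop_back();
            Cell* cell = *slot;  // current contents of the slot, not a copy taken at append time
            if (!cell || cell->marked) continue;
            cell->marked = true;
            cell->markChildren(*this);
        }
    }
private:
    std::vector<Cell**> m_stack;
};

// Typed holder for a reference whose marking is the owning cell's job: stores go
// through set(), and the collector reaches the reference through slot().
template<typename T>
class WriteBarrier {
public:
    void set(T* value) { m_cell = value; }
    T* get() const { return static_cast<T*>(m_cell); }
    Cell** slot() { return &m_cell; }
private:
    Cell* m_cell = nullptr;
};

class Heap {
public:
    template<typename T> T* allocate() { m_cells.emplace_back(new T); return static_cast<T*>(m_cells.back().get()); }
    void addRoot(Cell** slot) { m_roots.push_back(slot); }

    // Mark from the roots, destroy every unmarked cell, return how many were destroyed.
    size_t collect() {
        SlotVisitor visitor;
        for (Cell** root : m_roots) visitor.append(root);
        visitor.drain();
        size_t before = m_cells.size();
        m_cells.erase(std::remove_if(m_cells.begin(), m_cells.end(),
                                     [](const std::unique_ptr<Cell>& c) { return !c->marked; }),
                      m_cells.end());
        for (auto& cell : m_cells) cell->marked = false;  // reset mark bits for the next cycle
        return before - m_cells.size();
    }
    size_t liveCount() const { return m_cells.size(); }
private:
    std::vector<std::unique_ptr<Cell>> m_cells;
    std::vector<Cell**> m_roots;
};

struct Node : Cell {
    WriteBarrier<Node> next;
    void markChildren(SlotVisitor& visitor) override { visitor.append(next.slot()); }
};

struct HiddenRefNode : Cell {
    Cell* hidden = nullptr;  // raw pointer: no slot the collector can visit
};

struct Result { size_t sweptFirst; size_t sweptAfterClear; size_t live; };

// Constructed scenario: root -> a -> b -> c, plus one node nothing points at.
Result barrierScenario() {
    Heap heap;
    Node* a = heap.allocate<Node>();
    Node* b = heap.allocate<Node>();
    Node* c = heap.allocate<Node>();
    heap.allocate<Node>();
    Cell* root = a;  // stand-in for a GC root slot
    heap.addRoot(&root);
    a->next.set(b);
    b->next.set(c);
    Result r;
    r.sweptFirst = heap.collect();    // only the unreferenced node is destroyed
    a->next.set(nullptr);             // b, and c behind it, are now unreachable
    r.sweptAfterClear = heap.collect();
    r.live = heap.liveCount();
    return r;
}

// True when the cell referenced only through the raw pointer was destroyed:
// owner->hidden now dangles, the use-after-free a visited barrier slot prevents.
bool hiddenReferenceIsSwept() {
    Heap heap;
    HiddenRefNode* owner = heap.allocate<HiddenRefNode>();
    owner->hidden = heap.allocate<Node>();
    Cell* root = owner;
    heap.addRoot(&root);
    return heap.collect() == 1 && heap.liveCount() == 1;
}
```

The point of handing the visitor `Cell**` rather than `Cell*` is that marking always reads what the slot holds at drain time, so there is one place (the slot) that both the mutator's `set()` and the collector agree on. The second scenario is the failure the typed holder is meant to rule out: a reference kept in a plain pointer field is invisible to `markChildren`, its target is swept while still referenced, and any later dereference is a use-after-free.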
2571
2572 2011-01-28  Adam Roben  <aroben@apple.com>
2573
2574         Chromium build fix after r76967
2575
2576         * wtf/ThreadingPrimitives.h: Use OS(WINDOWS) instead of PLATFORM(WIN), to match other
2577         similar macros in this file.
2578
2579 2011-01-28  Michael Saboff  <msaboff@apple.com>
2580
2581         Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
2582         https://bugs.webkit.org/show_bug.cgi?id=53271
2583
2584         Reapplying this change.  No change from prior patch in
2585         JavaScriptCore.
2586
2587         Added new isValid() methods to check if a contained object in
2588         a WeakGCMap is valid when using an unchecked iterator.
2589
2590         * runtime/WeakGCMap.h:
2591         (JSC::WeakGCMap::isValid):
2592
2593 2011-01-27  Adam Roben  <aroben@apple.com>
2594
2595         Extract code to convert a WTF absolute time to a Win32 wait interval into a separate
2596         function
2597
2598         Fixes <http://webkit.org/b/53208> <rdar://problem/8922490> BinarySemaphore should wrap a
2599         Win32 event
2600
2601         Reviewed by Dave Hyatt.
2602
2603         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export the new function.
2604
2605         * wtf/ThreadingPrimitives.h: Declare the new function.
2606
2607         * wtf/ThreadingWin.cpp:
2608         (WTF::ThreadCondition::timedWait): Moved code to convert the absolute time to a wait
2609         interval from here...
2610         (WTF::absoluteTimeToWaitTimeoutInterval): ...to here.
2611
2612 2011-01-28  Sam Weinig  <sam@webkit.org>
2613
2614         Reviewed by Maciej Stachowiak.
2615
2616         Add basic rubber banding support
2617         <rdar://problem/8219429>
2618         https://bugs.webkit.org/show_bug.cgi?id=53277
2619
2620         * wtf/Platform.h: Add ENABLE for rubber banding.
2621
2622 2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
2623
2624         Unreviewed, rolling out r76893.
2625         http://trac.webkit.org/changeset/76893
2626         https://bugs.webkit.org/show_bug.cgi?id=53287
2627
2628         It made some tests crash on GTK and Qt debug bots (Requested
2629         by Ossy on #webkit).
2630
2631         * runtime/WeakGCMap.h:
2632
2633 2011-01-27  Adam Barth  <abarth@webkit.org>
2634
2635         Reviewed by Eric Seidel.
2636
2637         Add WTFString method to compare equality with Vector<UChar>
2638         https://bugs.webkit.org/show_bug.cgi?id=53266
2639
2640         I'm planning to use this method in the new XSS filter implementation,
2641         but it seems generally useful.
2642
2643         * wtf/text/StringImpl.h:
2644         (WTF::equalIgnoringNullity):
2645         * wtf/text/WTFString.h:
2646         (WTF::equalIgnoringNullity):
2647
2648 2011-01-27  Michael Saboff  <msaboff@apple.com>
2649
2650         Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
2651         https://bugs.webkit.org/show_bug.cgi?id=53271
2652
2653         Added new isValid() methods to check if a contained object in
2654         a WeakGCMap is valid when using an unchecked iterator.
2655
2656         * runtime/WeakGCMap.h:
2657         (JSC::WeakGCMap::isValid):
2658
2659 2011-01-26  Sam Weinig  <sam@webkit.org>
2660
2661         Reviewed by Maciej Stachowiak.
2662
2663         Add events to represent the start/end of a gesture scroll
2664         https://bugs.webkit.org/show_bug.cgi?id=53215
2665
2666         * wtf/Platform.h: Add ENABLE for gesture events. 
2667
2668 2011-01-26  Yael Aharon  <yael.aharon@nokia.com>
2669
2670         Reviewed by Laszlo Gombos.
2671
2672         [Qt][Symbian] Fix --minimal build
2673         https://bugs.webkit.org/show_bug.cgi?id=52839
2674
2675         Move definition of USE_SYSTEM_MALLOC out of pri file.
2676         Put it in platform.h instead.
2677
2678         * wtf/Platform.h:
2679         * wtf/TCSystemAlloc.cpp:
2680         * wtf/wtf.pri:
2681
2682 2011-01-26  Patrick Gansterer  <paroga@webkit.org>
2683
2684         Reviewed by Andreas Kling.
2685
2686         [WINCE] Add JIT support to build system
2687         https://bugs.webkit.org/show_bug.cgi?id=53079
2688
2689         * CMakeListsWinCE.txt:
2690
2691 2011-01-25  Adam Roben  <aroben@apple.com>
2692
2693         Windows Production build fix
2694
2695         Reviewed by Steve Falkenburg.
2696
2697         * JavaScriptCore.vcproj/JavaScriptCore.make: Set BUILDSTYLE to Release_PGO at the very start
2698         of the file so that ConfigurationBuildDir takes that into account. Also set it the right way
2699         (by redefining the macro) rather than the wrong way (by modifying the environment variable).
2700
2701 2011-01-25  Steve Falkenburg  <sfalken@apple.com>
2702
2703         Rubber-stamped by Adam Roben.
2704
2705         Windows production build fix.
2706         Use correct environment variable escaping
2707
2708         * JavaScriptCore.vcproj/JavaScriptCore.make:
2709         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
2710
2711 2011-01-25  Oliver Hunt  <oliver@apple.com>
2712
2713         Reviewed by Gavin Barraclough.
2714
2715         JSON.stringify processing time exponentially grows with size of object
2716         https://bugs.webkit.org/show_bug.cgi?id=51922
2717
2718         Remove last use of reserveCapacity from JSON stringification, as it results
2719         in appalling append behaviour when there are a large number of property names
2720         and nothing else.
2721
2722         * runtime/JSONObject.cpp:
2723         (JSC::Stringifier::appendQuotedString):
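
The entry above removes a per-append reserveCapacity call from JSON stringification. The following is an added example, not JavaScriptCore or WTF code: a toy growable buffer (`CountingBuffer`, `appendWithExactReserve`, `appendWithGeometricGrowth` and `makeNames` are this example's own names) that counts reallocations and bytes copied, to show why reserving exactly size()+n ahead of every append defeats the buffer's geometric growth and makes a long run of appends quadratic in the number of pieces.

```cpp
// Added example, not JavaScriptCore or WTF code: a toy growable buffer that counts
// reallocations and bytes copied, showing why reserving exactly size()+n ahead of
// every append defeats geometric growth and makes a long run of appends quadratic.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

class CountingBuffer {
public:
    size_t reallocations = 0;  // times the backing store was replaced
    size_t bytesCopied = 0;    // bytes moved into new backing stores

    // Grow to exactly `capacity`, like an exact reserve; existing bytes are copied.
    void reserveExact(size_t capacity) {
        if (capacity <= m_capacity) return;
        m_capacity = capacity;
        ++reallocations;
        bytesCopied += m_data.size();
    }

    // Append, doubling capacity only when the current store is too small.
    void append(const std::string& s) {
        size_t wanted = m_data.size() + s.size();
        if (wanted > m_capacity) {
            size_t grown = m_capacity ? m_capacity : 1;
            while (grown < wanted) grown *= 2;
            reserveExact(grown);
        }
        m_data += s;
    }
    size_t size() const { return m_data.size(); }
private:
    std::string m_data;
    size_t m_capacity = 0;
};

// The pattern being removed: reserve exactly what the next piece needs, then append.
CountingBuffer appendWithExactReserve(const std::vector<std::string>& pieces) {
    CountingBuffer out;
    for (const auto& piece : pieces) {
        out.reserveExact(out.size() + piece.size());  // capacity creeps up one piece at a time
        out.append(piece);
    }
    return out;
}

// Plain appends: the buffer's own doubling policy decides when to grow.
CountingBuffer appendWithGeometricGrowth(const std::vector<std::string>& pieces) {
    CountingBuffer out;
    for (const auto& piece : pieces) out.append(piece);
    return out;
}

// Constructed input: `count` one-character property names.
std::vector<std::string> makeNames(size_t count) { return std::vector<std::string>(count, "k"); }

int main() {
    const std::vector<std::string> names = makeNames(1000);
    CountingBuffer exact = appendWithExactReserve(names);
    CountingBuffer geometric = appendWithGeometricGrowth(names);
    std::printf("exact reserve: %zu reallocations, %zu bytes copied\n", exact.reallocations, exact.bytesCopied);
    std::printf("geometric:     %zu reallocations, %zu bytes copied\n", geometric.reallocations, geometric.bytesCopied);
    return 0;
}
```

With 1000 one-byte pieces the exact-reserve path reallocates on every append and copies 0 + 1 + ... + 999 = 499500 bytes, while plain appends reallocate eleven times (capacities 1, 2, 4, ..., 1024) and copy 1023 bytes. An attacker-controlled object with many property names is enough to reach the expensive path, which is why this reads as a resource-exhaustion fix and not only a speed-up.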
2724
2725 2011-01-25  Antti Koivisto  <antti@apple.com>
2726
2727         Not reviewed.
2728         
2729         Try to fix windows build.
2730
2731         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2732
2733 2011-01-25  Antti Koivisto  <antti@apple.com>
2734
2735         Reviewed by Oliver Hunt.
2736
2737         REGRESSION: Leak in JSParser::Scope::copyCapturedVariablesToVector()
2738         https://bugs.webkit.org/show_bug.cgi?id=53061
2739          
2740         Cache did not know about the subclass so failed to fully delete the items. 
2741         Got rid of the subclass and moved the classes to separate files.
2742
2743         * CMakeLists.txt:
2744         * GNUmakefile.am:
2745         * JavaScriptCore.exp:
2746         * JavaScriptCore.gypi:
2747         * JavaScriptCore.pro:
2748         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2749         * JavaScriptCore.xcodeproj/project.pbxproj:
2750         * parser/JSParser.cpp:
2751         (JSC::JSParser::Scope::saveFunctionInfo):
2752         (JSC::JSParser::Scope::restoreFunctionInfo):
2753         (JSC::JSParser::findCachedFunctionInfo):
2754         (JSC::JSParser::parseFunctionInfo):
2755         * parser/SourceProvider.h:
2756         * parser/SourceProviderCache.cpp: Added.
2757         (JSC::SourceProviderCache::~SourceProviderCache):
2758         (JSC::SourceProviderCache::byteSize):
2759         * parser/SourceProviderCache.h: Added.
2760         (JSC::SourceProviderCache::SourceProviderCache):
2761         (JSC::SourceProviderCache::add):
2762         (JSC::SourceProviderCache::get):
2763         * parser/SourceProviderCacheItem.h: Added.
2764         (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
2765         (JSC::SourceProviderCacheItem::approximateByteSize):
2766         (JSC::SourceProviderCacheItem::closeBraceToken):
2767
2768 2011-01-25  Marcilio Mendonca  <mamendonca@rim.com>
2769
2770         Reviewed by Darin Adler.
2771
2772         Bug 53087: Refactoring: replaced a hanging "else" with a "return"
2773         statement
2774         https://bugs.webkit.org/show_bug.cgi?id=53087.
2775
2776         Refactoring work: Replaced a hanging "else" within an #if PLATFORM(M
2777         with a "return" so that the code is more readable and less error pro
2778         (e.g., "else" doesn't use braces so adding extra lines to the else
2779         block won't have any effect; even worse, code still compiles
2780         successfully.
2781
2782         * wtf/Assertions.cpp:
2783
2784 2011-01-24  Chris Marrin  <cmarrin@apple.com>
2785
2786         Reviewed by Eric Seidel.
2787
2788         Change ENABLE_3D_CANVAS to ENABLE_WEBGL
2789         https://bugs.webkit.org/show_bug.cgi?id=53041
2790
2791         * Configurations/FeatureDefines.xcconfig:
2792
2793 2011-01-25  Adam Roben  <aroben@apple.com>
2794
2795         Windows Production build fix
2796
2797         * JavaScriptCore.vcproj/JavaScriptCore.make: Added a missing "set".
2798
2799 2011-01-25  Patrick Gansterer  <paroga@webkit.org>
2800
2801         Reviewed by Eric Seidel.
2802
2803         Add missing defines for COMPILER(RVCT) && CPU(ARM_THUMB2)
2804         https://bugs.webkit.org/show_bug.cgi?id=52949
2805
2806         * jit/JITStubs.cpp:
2807
2808 2011-01-24  Adam Roben  <aroben@apple.com>
2809
2810         Windows Production build fix
2811
2812         * JavaScriptCore.vcproj/JavaScriptCore.make: Update for move of JavaScriptCore into Source.
2813
2814 2011-01-24  Peter Varga  <pvarga@webkit.org>
2815
2816         Reviewed by Oliver Hunt.
2817
2818         Optimize regex patterns which contain empty alternatives
2819         https://bugs.webkit.org/show_bug.cgi?id=51395
2820
2821         Eliminate the empty alternatives from the regex pattern and convert it to do
2822         the matching in an easier way.
2823
2824         * yarr/YarrPattern.cpp:
2825         (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
2826
2827 2011-01-24  Andras Becsi  <abecsi@webkit.org>
2828
2829         Reviewed by Csaba Osztrogonác.
2830
2831         [Qt] Move project files into Source
2832         https://bugs.webkit.org/show_bug.cgi?id=52891
2833
2834         * JavaScriptCore.pri:
2835         * JavaScriptCore.pro:
2836         * jsc.pro:
2837
2838 2011-01-23  Mark Rowe  <mrowe@apple.com>
2839
2840         Follow-up to r76477.
2841
2842         Fix the scripts that detect problematic code such as static initializers
2843         and destructors, weak vtables, inappropriate files in the framework wrappers,
2844         and public headers including private headers. These had all been broken
2845         since the projects were moved in to the Source directory as the paths to the
2846         scripts were not updated at that time.
2847
2848         * JavaScriptCore.xcodeproj/project.pbxproj:
2849
2850 2011-01-23  Patrick Gansterer  <paroga@webkit.org>
2851
2852         Reviewed by Darin Adler.
2853
2854         Use WTF::StringHasher in WebCore
2855         https://bugs.webkit.org/show_bug.cgi?id=52934
2856
2857         Add an additional function to calculate the hash
2858         of data with a runtime-dependent size.
2859
2860         * wtf/StringHasher.h:
2861         (WTF::StringHasher::createBlobHash):
2862
2863 2011-01-23  Patrick Gansterer  <paroga@webkit.org>
2864
2865         Reviewed by David Kilzer.
2866
2867         Fix comment in String::ascii()
2868         https://bugs.webkit.org/show_bug.cgi?id=52980
2869
2870         * wtf/text/WTFString.cpp:
2871         (WTF::String::ascii):
2872
2873 2011-01-23  Patrick Gansterer  <paroga@webkit.org>
2874
2875         Reviewed by David Kilzer.
2876
2877         Add String::containsOnlyLatin1()
2878         https://bugs.webkit.org/show_bug.cgi?id=52979
2879
2880         * wtf/text/WTFString.h:
2881         (WTF::String::containsOnlyLatin1):
2882         (WTF::charactersAreAllLatin1):
2883
2884 2011-01-23  Patrick Gansterer  <paroga@webkit.org>
2885
2886         Reviewed by Oliver Hunt.
2887
2888         Remove obsolete JSVALUE32 code
2889         https://bugs.webkit.org/show_bug.cgi?id=52948
2890
2891         r70111 removed support for JSVALUE32.
2892         ARM, MIPS and X86 support JSVALUE32_64 only.
2893
2894         * jit/JITStubs.cpp:
2895
2896 2011-01-22  Geoffrey Garen  <ggaren@apple.com>
2897
2898         Reviewed by Dan Bernstein.
2899
2900         ASSERT running run-webkit-tests --threaded.
2901         https://bugs.webkit.org/show_bug.cgi?id=52971
2902         
2903         SunSpider and v8 report no change.
2904
2905         * runtime/ConservativeSet.cpp:
2906         (JSC::ConservativeSet::grow):
2907         (JSC::ConservativeSet::add):
2908         * runtime/ConservativeSet.h: Tweaked the inline capacity to 128, and
2909         the growth policy to 2X, to make SunSpider and v8 happy.
2910         (JSC::ConservativeSet::ConservativeSet):
2911         (JSC::ConservativeSet::~ConservativeSet):
2912         (JSC::ConservativeSet::mark): Use OSAllocator directly, instead of malloc.
2913         Malloc is forbidden during a multi-threaded mark phase because it can
2914         cause deadlock.
2915
2916 2011-01-22  Geoffrey Garen  <ggaren@apple.com>
2917
2918         Reviewed by Geoffrey Garen.
2919
2920         Rubber-stamped by Maciej Stachowiak.
2921
2922         A few of Maciej's review suggestions for my last patch.
2923         https://bugs.webkit.org/show_bug.cgi?id=52946
2924
2925         SunSpider reports no change.
2926
2927         * Android.mk:
2928         * CMakeLists.txt:
2929         * GNUmakefile.am:
2930         * JavaScriptCore.gypi:
2931         * JavaScriptCore.pro:
2932         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2933         * JavaScriptCore.xcodeproj/project.pbxproj: Updated build systems.
2934
2935         * runtime/ConservativeSet.cpp: Added.
2936         (JSC::isPointerAligned):
2937         (JSC::ConservativeSet::add):
2938         * runtime/ConservativeSet.h: Added.
2939         (JSC::ConservativeSet::ConservativeSet):
2940         (JSC::ConservativeSet::mark): Split ConservativeSet out into its own
2941         file, and moved the conservative check into ConservativeSet::add, making
2942         ConservativeSet's responsibility clearer.
2943
2944         * runtime/Heap.cpp:
2945         (JSC::Heap::markRoots):
2946         * runtime/MachineStackMarker.cpp:
2947         (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
2948         (JSC::MachineStackMarker::markOtherThreadConservatively):
2949         * runtime/MachineStackMarker.h:
2950         * runtime/MarkStack.h: Updated for changes above.
2951
2952 2011-01-22  Patrick Gansterer  <paroga@webkit.org>
2953
2954         Unreviewed WinCE build fix for r76430.
2955
2956         * runtime/MachineStackMarker.cpp:
2957         (JSC::swapIfBackwards):
2958
2959 2011-01-21  Geoffrey Garen  <ggaren@apple.com>
2960
2961         Reviewed by Beth Dakin.
2962
2963         Reorganized MarkedSpace, making many of its functions private.
2964
2965         * runtime/JSCell.h:
2966         (JSC::JSCell::Heap::heap):
2967         * runtime/MarkedSpace.h:
2968         (JSC::MarkedSpace::globalData):
2969         (JSC::MarkedSpace::heap):
2970
2971 2011-01-21  Geoffrey Garen  <ggaren@apple.com>
2972
2973         Try to fix build: moved helper function out of #ifdef.
2974
2975         * runtime/MachineStackMarker.cpp:
2976         (JSC::swapIfBackwards):
2977
2978 2011-01-21  Geoffrey Garen  <ggaren@apple.com>
2979
2980         Rubber-stamped by Maciej Stachowiak.
2981
2982         A few of Maciej's review suggestions for my last patch.
2983         https://bugs.webkit.org/show_bug.cgi?id=52946
2984
2985         SunSpider reports no change.
2986
2987         * runtime/MachineStackMarker.cpp:
2988         (JSC::swapIfBackwards): Added a helper function for handling platforms
2989         where the stack can grow in any direction.
2990
2991         (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
2992         (JSC::MachineStackMarker::markOtherThreadConservatively): Use the helper
2993         function.
2994
2995         (JSC::isPointerAligned): Use "!" instead of "==0" because a robot told me to.
2996
2997         (JSC::MachineStackMarker::markConservatively): Changed to use a more
2998         standard looping idiom, and to use the helper function above.
2999
3000         * runtime/MarkedSpace.h:
3001         (JSC::MarkedSpace::isCellAligned): Use "!" instead of "==0" because a robot told me to.
3002
3003 2011-01-21  Geoffrey Garen  <ggaren@apple.com>
3004
3005         Reviewed by Maciej Stachowiak.
3006
3007         Cleaned up some conservative marking code.
3008         https://bugs.webkit.org/show_bug.cgi?id=52946
3009         
3010         SunSpider reports no change.
3011
3012         * interpreter/RegisterFile.h: No need for a special marking function,
3013         since we already expose a start() and end().
3014
3015         * runtime/Heap.cpp:
3016         (JSC::Heap::registerFile):
3017         (JSC::Heap::markRoots):
3018         * runtime/Heap.h:
3019         (JSC::Heap::contains): Migrated markConservatively() to the machine stack
3020         marker class. Now, Heap just provides a contains() function, which the
3021         machine stack marker uses for checking whether a pointer points into the heap.
3022
3023         * runtime/MachineStackMarker.cpp:
3024         (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
3025         (JSC::MachineStackMarker::markOtherThreadConservatively):
3026         (JSC::isPointerAligned):
3027         (JSC::MachineStackMarker::markConservatively):
3028         * runtime/MachineStackMarker.h: Move the conservative marking code here.
3029
3030         * runtime/MarkStack.h:
3031         (JSC::ConservativeSet::add):
3032         (JSC::ConservativeSet::mark): Changed to using a vector instead of hash
3033         set. Vector seems to be a bit faster, and it generates smaller code.
3034
3035         * runtime/MarkedSpace.cpp:
3036         (JSC::MarkedSpace::containsSlowCase):
3037         * runtime/MarkedSpace.h:
3038         (JSC::MarkedSpace::isCellAligned):
3039         (JSC::MarkedSpace::isPossibleCell):
3040         (JSC::MarkedSpace::contains): Kept the code for determining whether a
3041         pointer pointed into marked space, and moved the code for marking
3042         a set of conservative pointers into the machine stack marker.
3043
3044         * wtf/HashSet.h:
3045         (WTF::::add): Added two missing inlines that I noticed while testing
3046         vector vs hash set.
3047
3048 2011-01-21  Mark Rowe  <mrowe@apple.com>
3049
3050         Reviewed by Sam Weinig.
3051
3052         Work around a Clang bug <rdar://problem/8876150> that leads to it incorrectly emitting an access
3053         control warning when a client tries to use operator bool exposed above via "using PageBlock::operator bool".
3054
3055         * wtf/PageAllocation.h:
3056         (WTF::PageAllocation::operator bool):
3057         * wtf/PageReservation.h:
3058         (WTF::PageReservation::operator bool):
3059
3060 2011-01-21  Michael Saboff  <msaboff@apple.com>
3061
3062         Reviewed by Oliver Hunt.
3063
3064         [RegexFuzz] Hang with forward assertion
3065         https://bugs.webkit.org/show_bug.cgi?id=52825
3066         <rdar://problem/8894332>
3067
3068         The backtrackTo label from the first term in a list of terms is
3069         being overwritten by processing of subsequent terms.  Changed
2870         copyBacktrackToLabel() to check for an existing backtrackTo label
3071         before copying and renamed it to propagateBacktrackToLabel() since
3072         it no longer copies.
3073
3074         * yarr/YarrJIT.cpp:
3075         (JSC::Yarr::YarrGenerator::BacktrackDestination::propagateBacktrackToLabel):
3076         (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
3077
3078 2011-01-21  Geoffrey Garen  <ggaren@apple.com>
3079
3080         Reviewed by Sam Weinig.
3081
3082         Moved the mark stack from global data to the heap, since it pertains
3083         to the heap, and not the virtual machine as a whole.
3084         https://bugs.webkit.org/show_bug.cgi?id=52930
3085         
3086         SunSpider reports no change.
3087
3088         * runtime/Heap.cpp:
3089         (JSC::Heap::Heap):
3090         (JSC::Heap::markRoots):
3091         * runtime/Heap.h:
3092         * runtime/JSGlobalData.cpp:
3093         (JSC::JSGlobalData::JSGlobalData):
3094         * runtime/JSGlobalData.h:
3095
3096 2011-01-21  Peter Gal  <galpeter@inf.u-szeged.hu>
3097
3098         Reviewed by Darin Adler.
3099
3100         REGRESSION(r76177): All JavaScriptCore tests fail on ARM
3101         https://bugs.webkit.org/show_bug.cgi?id=52814
3102
3103         Get the approximateByteSize value before releasing the OwnPtr.
3104
3105         * parser/JSParser.cpp:
3106         (JSC::JSParser::parseFunctionInfo):
3107
3108 2011-01-21  Xan Lopez  <xlopez@igalia.com>
3109
3110         Reviewed by Martin Robinson.
3111
3112         Remove unnecessary <stdio.h> include
3113         https://bugs.webkit.org/show_bug.cgi?id=52884
3114
3115         * jit/JIT.cpp: remove unnecessary include.
3116
3117 2011-01-20  Ryosuke Niwa  <rniwa@webkit.org>
3118
3119         Reviewed by Maciej Stachowiak.
3120
3121         Added OwnPtrCommon.h because OwnArrayPtr::set calls deleteOwnedPtr.
3122
3123         * wtf/OwnArrayPtr.h:
3124
3125 2011-01-20  Patrick Gansterer  <paroga@webkit.org>
3126
3127         Reviewed by Oliver Hunt.
3128
3129         [WINCE] Remove obsolete JSVALUE32 code
3130         https://bugs.webkit.org/show_bug.cgi?id=52450
3131
3132         Remove the "offset hack" in create_jit_stubs, since we
3133         only support JSVALUE32_64 in the meantime.
3134
3135         * create_jit_stubs: Removed offset argument
3136         * jit/JITStubs.cpp:
3137
3138 2011-01-20  Geoffrey Garen  <ggaren@apple.com>
3139
3140         Reviewed by Oliver Hunt.
3141
3142         When marking conservatively, guard against reviving dead objects.
3143         https://bugs.webkit.org/show_bug.cgi?id=52840
3144         
3145         SunSpider and v8 say no change.
3146
3147         * interpreter/RegisterFile.h:
3148         (JSC::RegisterFile::markCallFrames): Updated to use the ConservativeSet API.
3149
3150         * runtime/Heap.cpp:
3151         (JSC::Heap::recordExtraCost): No need to guard against conservative
3152         marking reviving dead objects anymore, since the conservative marking
3153         mechanism guards against this now.
3154
3155         (JSC::Heap::markConservatively):
3156         (JSC::Heap::markProtectedObjects):
3157         (JSC::Heap::markTempSortVectors): Don't drain the mark stack inside a
3158         marking function. We want to establish a separation of concerns between
3159         visiting roots and draining the mark stack.
3160
3161         (JSC::Heap::markRoots): Gather the set of conservative references before
3162         clearing mark bits, because conservative marking now uses the mark bits
3163         to determine if a reference is valid, and to avoid reviving dead objects.
3164
3165         (JSC::Heap::collectAllGarbage): No need to guard against conservative
3166         marking reviving dead objects anymore, since the conservative marking
3167         mechanism guards against this now.
3168
3169         * runtime/Heap.h: Updated to use the ConservativeSet API.
3170
3171         * runtime/MachineStackMarker.cpp:
3172         (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
3173         (JSC::MachineStackMarker::markCurrentThreadConservatively):
3174         (JSC::MachineStackMarker::markOtherThreadConservatively):
3175         (JSC::MachineStackMarker::markMachineStackConservatively):
3176         * runtime/MachineStackMarker.h: Ditto.
3177
3178         * runtime/MarkStack.h:
3179         (JSC::ConservativeSet::add):
3180         (JSC::ConservativeSet::mark): Added ConservativeSet, for gathering the
3181         set of conservative references. This is different from MarkStack, since
3182         we don't mark the set until it is completely gathered.
3183
3184         * runtime/MarkedSpace.cpp:
3185         (JSC::MarkedSpace::freeBlock):
3186         (JSC::MarkedSpace::resizeBlocks):
3187         (JSC::MarkedSpace::markConservatively):
3188         * runtime/MarkedSpace.h: When marking conservatively, guard against
3189         reviving dead objects.
3190
3191 2011-01-20  Siddharth Mathur  <siddharth.mathur@nokia.com>
3192
3193         Reviewed by Geoffrey Garen.
3194
3195         [Symbian] Fix StackBounds::initialize()
3196         https://bugs.webkit.org/show_bug.cgi?id=52842
3197
3198         * wtf/StackBounds.cpp:
3199         (WTF::StackBounds::initialize): Use TThreadStackInfo.iLimit for stack limit
3200
3201 2011-01-20  Michael Saboff  <msaboff@apple.com>
3202
3203         Reviewed by Oliver Hunt.
3204
3205         <rdar://problem/8890203> [RegexFuzz] Crash in generated code (52773)
3206         https://bugs.webkit.org/show_bug.cgi?id=52773
3207
3208         Fixed case where an existing DataLabelPtr is overwritten.  The
3209         replacing DataLabelPtr is now resolved immediately in
3210         linkDataLabelToBacktrackIfExists().  Cleanup - eliminated bool
3211         return value for the routine as it was never used.
3212
3213         * yarr/YarrJIT.cpp:
3214         (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
3215
3216 2011-01-20  Andras Becsi  <abecsi@webkit.org>
3217
3218         Reviewed by Csaba Osztrogonác.
3219
3220         [Qt][WK2] WebKit2 enabled build fails to link
3221
3222         Work around undefined reference linking issues until the buildsystem gets redesigned.
3223         These issues first occurred in minimal builds (see BUG 50519).
3224
3225         * JavaScriptCore.pri: link as whole-archive for WebKit2 builds
3226
3227 2011-01-20  Zoltan Horvath  <zoltan@webkit.org>
3228
3229         Reviewed by Csaba Osztrogonác.
3230
3231         Refactoring of the custom allocation framework
3232         https://bugs.webkit.org/show_bug.cgi?id=49897
3233
3234         Inheriting from FastAllocBase can result in objects getting larger (bug #33896, #46589).
3235         The modification replaces the Noncopyable and FastAllocBase classes, and inheritance from them, with their
3236         equivalent macro implementations at the necessary places.
3237
3238         * wtf/FastAllocBase.h: Turn FastAllocBase's implementation into a macro.
3239
3240 2011-01-20  Mark Rowe  <mrowe@apple.com>
3241
3242         Reviewed by Maciej Stachowiak.
3243
3244         Follow-up to r75766 / <rdar://problem/5469576>.
3245
3246         We were failing to initialize the key, causing all sorts of unexpected behavior.
3247
3248         * wtf/FastMalloc.cpp:
3249         (WTF::setThreadHeap):
3250         (WTF::TCMalloc_ThreadCache::GetThreadHeap):
3251         (WTF::TCMalloc_ThreadCache::InitTSD): Ensure that the key is initialized.
3252
3253 2011-01-18  Geoffrey Garen  <ggaren@apple.com>
3254
3255         Reviewed by Darin Adler.
3256
3257         Rolled back in r76078, with crash fixed.
3258         https://bugs.webkit.org/show_bug.cgi?id=52668
3259         
3260         * runtime/JSGlobalObject.cpp:
3261         (JSC::JSGlobalObject::markChildren): Account for the fact that the global
3262         object moves its variables into and out of the register file. While out
3263         of the register file, the symbol table's size is not an accurate count
3264         for the size of the register array, since the BytecodeGenerator might
3265         be compiling, adding items to the symbol table.
3266         
3267 2011-01-18  Darin Adler  <darin@apple.com>
3268
3269         Reviewed by Geoffrey Garen.
3270
3271         Stack overflow when converting an Error object to string
3272         https://bugs.webkit.org/show_bug.cgi?id=46410
3273
3274         * Android.mk: Added StringRecursionChecker.cpp and
3275         StringRecursionChecker.h.
3276         * CMakeLists.txt: Ditto.
3277         * GNUmakefile.am: Ditto.
3278         * JavaScriptCore.gypi: Ditto.
3279         * JavaScriptCore.pro: Ditto.
3280         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
3281         * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
3282
3283         * runtime/ArrayPrototype.cpp:
3284         (JSC::arrayProtoFuncToString): Use StringRecursionChecker instead
3285         of the older hand-written code to do the same thing.
3286         (JSC::arrayProtoFuncToLocaleString): Ditto.
3287         (JSC::arrayProtoFuncJoin): Ditto.
3288
3289         * runtime/ErrorPrototype.cpp:
3290         (JSC::errorProtoFuncToString): Use StringRecursionChecker.
3291
3292         * runtime/JSGlobalData.h: Renamed arrayVisitedElements to
3293         stringRecursionCheckVisitedObjects.
3294
3295         * runtime/RegExpPrototype.cpp:
3296         (JSC::regExpProtoFuncToString): Use StringRecursionChecker.
3297
3298         * runtime/StringRecursionChecker.cpp: Added.
3299         * runtime/StringRecursionChecker.h: Added.
3300
3301 2011-01-19  Oliver Hunt  <oliver@apple.com>
3302
3303         Reviewed by Gavin Barraclough.
3304
3305         Remove non-spec support for callable RegExp
3306         https://bugs.webkit.org/show_bug.cgi?id=28285
3307
3308         Remove support for callable regexps.  If it breaks sites we can
3309         just roll this out.
3310
3311         * runtime/RegExpObject.cpp:
3312         * runtime/RegExpObject.h:
3313         * tests/mozilla/expected.html: update results.
3314
3315 2011-01-19  Antti Koivisto  <antti@apple.com>
3316
3317         Reviewed by Oliver Hunt.
3318
3319         Cache function offsets to speed up javascript parsing
3320         https://bugs.webkit.org/show_bug.cgi?id=52622
3321         
3322         Use cache to save function offsets and some other info.
3323         This avoids quite a bit of work when reparsing the source.
3324
3325         * parser/ASTBuilder.h:
3326         * parser/JSParser.cpp:
3327         (JSC::JSParser::CachedFunctionInfo::CachedFunctionInfo):
3328         (JSC::JSParser::CachedFunctionInfo::approximateByteSize):
3329         (JSC::JSParser::CachedFunctionInfo::closeBraceToken):
3330         (JSC::JSParser::Scope::copyCapturedVariablesToVector):
3331         (JSC::JSParser::Scope::saveFunctionInfo):
3332         (JSC::JSParser::Scope::restoreFunctionInfo):
3333         (JSC::JSParser::findCachedFunctionInfo):
3334         (JSC::JSParser::JSParser):
3335         (JSC::JSParser::parseProgram):
3336         (JSC::JSParser::parseFunctionInfo):
3337         * parser/Lexer.h:
3338         (JSC::Lexer::setOffset):
3339         (JSC::Lexer::setLineNumber):
3340         (JSC::Lexer::sourceProvider):
3341         * parser/SourceProvider.h:
3342         (JSC::SourceProviderCache::SourceProviderCache):
3343         (JSC::SourceProviderCache::~SourceProviderCache):
3344         (JSC::SourceProviderCache::byteSize):
3345         (JSC::SourceProviderCache::add):
3346         (JSC::SourceProviderCache::get):
3347         (JSC::SourceProvider::SourceProvider):
3348         (JSC::SourceProvider::~SourceProvider):
3349         (JSC::SourceProvider::cache):
3350         (JSC::SourceProvider::notifyCacheSizeChanged):
3351         (JSC::SourceProvider::cacheSizeChanged):
3352         * parser/SyntaxChecker.h:
3353
3354 2011-01-19  Mark Rowe  <mrowe@apple.com>
3355
3356         Reviewed by Darin Adler.
3357
3358         Follow-up to r75766 / <rdar://problem/5469576>.
3359
3360         * DerivedSources.make: Evaluate the SDKROOT variable correctly.
3361
3362 2011-01-19  Oliver Hunt  <oliver@apple.com>
3363
3364         Reviewed by Gavin Barraclough.
3365
3366         [jsfunfuzz] Defining a function called __proto__ inside an eval triggers an assertion
3367         https://bugs.webkit.org/show_bug.cgi?id=52672
3368
3369         Rather than coming up with a somewhat convoluted mechanism to ensure that
3370         developers can override the global object's prototype with a function named
3371         __proto__ and expect it to work, we just disallow it at the syntax level.
3372
3373         * parser/JSParser.cpp:
3374         (JSC::JSParser::parseFunctionInfo):
3375
3376 2011-01-19  Michael Saboff  <msaboff@apple.com>
3377
3378         Reviewed by Darin Adler.
3379
3380         <rdar://problem/8882994> Regression: Simple nested backtrack hangs
3381         https://bugs.webkit.org/show_bug.cgi?id=52675
3382
3383         The changeset (r76076) for https://bugs.webkit.org/show_bug.cgi?id=52540
3384         broke simple backtracking in some cases.  Reworked that change to
3385         link both jumps and labels.
3386
3387         * yarr/YarrJIT.cpp:
3388         (JSC::Yarr::YarrGenerator::BacktrackDestination::hasBacktrackToLabel):
3389         (JSC::Yarr::YarrGenerator::TermGenerationState::propagateBacktrackingFrom):
3390         (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
3391
3392 2011-01-19  Pavel Podivilov  <podivilov@chromium.org>
3393
3394         Reviewed by Yury Semikhatsky.
3395
3396         Web Inspector: [JSC] scripts have incorrect starting line (always 1).
3397         https://bugs.webkit.org/show_bug.cgi?id=52721
3398
3399         * debugger/Debugger.cpp:
3400         (JSC::Debugger::recompileAllJSFunctions):
3401         * debugger/Debugger.h:
3402         * parser/Parser.h:
3403         (JSC::Parser::parse):
3404         * parser/SourceCode.h:
3405         (JSC::SourceCode::SourceCode):
3406         * parser/SourceProvider.h:
3407         (JSC::SourceProvider::startPosition):
3408
3409 2011-01-19  Csaba Osztrogonác  <ossy@webkit.org>
3410
3411         Reviewed by Laszlo Gombos and Tor Arne Vestbø.
3412
3413         [Qt] Remove unnecessary "../Source" from paths
3414         after moving source files into Source is finished.
3415
3416         * JavaScriptCore.pri:
3417
3418 2011-01-19  Benjamin Kalman  <kalman@chromium.org>
3419
3420         Reviewed by Darin Adler.
3421
3422         Don't return void from void function String::split
3423         https://bugs.webkit.org/show_bug.cgi?id=52684
3424
3425         * wtf/text/WTFString.cpp:
3426         (WTF::String::split):
3427
3428 2011-01-18  Kenneth Russell  <kbr@google.com>
3429
3430         Unreviewed, rolling out r76078.
3431         http://trac.webkit.org/changeset/76078
3432         https://bugs.webkit.org/show_bug.cgi?id=52668
3433
3434         Caused crashes of fast/canvas/webgl/constants.html,
3435         fast/canvas/webgl/gl-enum-tests.html, and possibly other layout
3436         test crashes in Release mode. WebGL crashes were observed with
3437         "run-webkit-tests fast/canvas/webgl". It was necessary to run
3438         multiple tests to provoke the crash.
3439
3440         * interpreter/RegisterFile.h:
3441         (JSC::RegisterFile::markGlobals):
3442         * runtime/JSActivation.cpp:
3443         (JSC::JSActivation::markChildren):
3444         * runtime/JSGlobalObject.cpp:
3445         (JSC::JSGlobalObject::markChildren):
3446
3447 2011-01-18  Oliver Hunt  <oliver@apple.com>
3448
3449         Reviewed by Gavin Barraclough.
3450
3451         [jsfunfuzz] Assertion asking activation for arguments when arguments is overridden
3452         https://bugs.webkit.org/show_bug.cgi?id=52690
3453
3454         Clean up code to retrieve arguments from activation and function objects.
3455         Remove the incorrect assertion from JSActivation's argumentsGetter.
3456
3457         * interpreter/Interpreter.cpp:
3458         (JSC::Interpreter::retrieveArguments):
3459         * runtime/JSActivation.cpp:
3460         (JSC::JSActivation::argumentsGetter):
3461
3462 2011-01-18  Geoffrey Garen  <ggaren@apple.com>
3463
3464         Reviewed by Darin Adler.
3465
3466         Removed RegisterFile::markGlobals because it was obtuse, and it
3467         unnecessarily relied on conservative marking.