[BlackBerry] Implement OSAllocator::commit/decommit in the correct way
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2012-03-19  Yong Li  <yoli@rim.com>
2
3         [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
4         https://bugs.webkit.org/show_bug.cgi?id=77013
5
6         We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
7         implement memory decommitting for QNX.
8
9         Reviewed by Rob Buis.
10
11         * wtf/OSAllocatorPosix.cpp:
12         (WTF::OSAllocator::reserveUncommitted):
13         (WTF::OSAllocator::commit):
14         (WTF::OSAllocator::decommit):
15
16 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
17
18         Unreviewed - revert a couple of files accidentally committed.
19
20         * runtime/Arguments.cpp:
21         (JSC::Arguments::defineOwnProperty):
22         * runtime/JSFunction.cpp:
23         (JSC::JSFunction::defineOwnProperty):
24
25 2012-03-19  Jessie Berlin  <jberlin@apple.com>
26
27         Another Windows build fix after r111129.
28
29         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
30
31 2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
32
33         Cross-platform processor core counter: fix build on FreeBSD.
34         https://bugs.webkit.org/show_bug.cgi?id=81482
35
36         Reviewed by Zoltan Herczeg.
37
38         The documentation of sysctl(3) shows that <sys/types.h> should be
39         included before <sys/sysctl.h> (sys/types.h tends to be the first
40         included header in general).
41
42         This should fix the build on FreeBSD and other systems where
43         sysctl.h really depends on types defined in types.h.
44
45         * wtf/NumberOfCores.cpp:
46
47 2012-03-19  Jessie Berlin  <jberlin@apple.com>
48
49         Windows build fix after r111129.
50
51         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
52
53 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
54
55         JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
56         https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
57
58         Reviewed by Oliver Hunt.
59
60         The API specifies that convertToType may opt not to handle a conversion:
61             "@result The objects's converted value, or NULL if the object was not converted."
62         In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
63         conversion functions, and failing that call the JSObject::defaultValue function.
64
65         Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
66         the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
67         bug#73368, these will return the result from the first convertToType they find, regardless
68         of whether this result is null, and if no convertToType method is found in the api class
69         hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
70         chain), they will also return a null pointer. This is unsafe.
71
72         It would be easy to make the approach based around toStringCallback/valueOfCallback continue
73         to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
74         (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
75         Making the fallback work with toString/valueOf methods attached to api objects is probably
76         not the right thing to do – instead, we should just implement the defaultValue trap for api
77         objects.
78
79         In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
80         null to be returned from C to JavaScript - this is not okay. Handle with an exception.
81
82         * API/JSCallbackFunction.cpp:
83         (JSC::JSCallbackFunction::call):
84             - Should be null checking the return value.
85         (JSC):
86             - Remove toStringCallback/valueOfCallback.
87         * API/JSCallbackFunction.h:
88         (JSCallbackFunction):
89             - Remove toStringCallback/valueOfCallback.
90         * API/JSCallbackObject.h:
91         (JSCallbackObject):
92             - Add defaultValue methods to JSCallbackObject.
93         * API/JSCallbackObjectFunctions.h:
94         (JSC::::defaultValue):
95             - Add defaultValue methods to JSCallbackObject.
96         * API/JSClassRef.cpp:
97         (OpaqueJSClass::prototype):
98             - Remove toStringCallback/valueOfCallback.
99         * API/tests/testapi.js:
100             - Revert this test, now we no longer artificially introduce a toString method onto the api object.
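
The lookup rule the entry describes (a NULL from convertToType means "not converted", so the walk continues up the class hierarchy and ends at the engine's defaultValue, and a hard NULL must never cross from C into script), shown as an added example. This is not JavaScriptCore's API or code: the ApiClass struct, the hook signature, the to_string_flawed/to_string_checked lookups, the guard_callback_result boundary check and the Base/Derived/Orphan classes are all constructed for the illustration. The fallback here deliberately does not call back into the lookup, which is the recursion the entry warns about.

```c
#include <stddef.h>
#include <string.h>

/* A conversion hook in the style of the C API's convertToType: returns the
   converted value, or NULL to mean "this class did not convert the object".
   (Hypothetical type for this example, not the real API.) */
typedef const char* (*ConvertToTypeFn)(const char* object_name);

typedef struct ApiClass {
    const char* name;
    ConvertToTypeFn convertToType;   /* NULL: this class declares no hook */
    const struct ApiClass* parent;
} ApiClass;

/* Engine-side fallback used when no class in the hierarchy converts. It does
   not call back into the lookup below, so there is no recursion. */
static const char* default_value(const char* object_name)
{
    (void)object_name;
    return "[object Object]";
}

/* Flawed lookup: the first hook found decides, and its NULL is returned as if
   it were a value; a hierarchy with no hook at all also yields NULL. */
const char* to_string_flawed(const ApiClass* cls, const char* object_name)
{
    for (const ApiClass* c = cls; c; c = c->parent)
        if (c->convertToType)
            return c->convertToType(object_name);
    return NULL;
}

/* Corrected lookup: NULL means "not converted", so keep walking up the
   hierarchy and fall back to default_value() when nothing converts. */
const char* to_string_checked(const ApiClass* cls, const char* object_name)
{
    for (const ApiClass* c = cls; c; c = c->parent) {
        if (!c->convertToType)
            continue;
        const char* v = c->convertToType(object_name);
        if (v)
            return v;
    }
    return default_value(object_name);
}

/* Guard at the C-to-engine boundary: a hard NULL from a callback becomes an
   error the caller must raise, never a value handed to script. */
typedef struct {
    const char* value;   /* set on success */
    const char* error;   /* set when the callback returned NULL */
} CallResult;

CallResult guard_callback_result(const char* v)
{
    CallResult r = { NULL, NULL };
    if (v)
        r.value = v;
    else
        r.error = "TypeError: native callback returned NULL";
    return r;
}

/* Constructed class hierarchy for the demonstration. */
static const char* derived_convert(const char* o) { (void)o; return NULL; }          /* opts out */
static const char* base_convert(const char* o)    { (void)o; return "base-string"; }

const ApiClass kBase    = { "Base",    base_convert,    NULL };
const ApiClass kDerived = { "Derived", derived_convert, &kBase };
const ApiClass kOrphan  = { "Orphan",  NULL,            NULL };
```

With kDerived, the flawed lookup stops at Derived's hook and hands back its NULL; the checked lookup continues to Base and returns "base-string". With kOrphan, which has no hook anywhere, the flawed lookup again yields NULL while the checked one returns the default value.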
101
102 2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
103
104         [EFL] Include ICU_INCLUDE_DIRS when building.
105         https://bugs.webkit.org/show_bug.cgi?id=81483
106
107         Reviewed by Daniel Bates.
108
109         So far, only the ICU libraries were being included when building
110         JavaScriptCore; however, the include path is also needed, otherwise the
111         build will fail when ICU is installed into a non-standard location.
112
113         * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
114
115 2012-03-17  Gavin Barraclough  <barraclough@apple.com>
116
117         Strength reduction, RegExp.exec -> RegExp.test
118         https://bugs.webkit.org/show_bug.cgi?id=81459
119
120         Reviewed by Sam Weinig.
121
122         RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
123         expression for a match against a string - however exec is more expensive, since
124         it allocates a matches array object. In cases where the result is consumed in a
125         boolean context the allocation of the matches array can be trivially elided.
126
127         For example:
128             function f()
129             {
130                 for (i = 0; i < 10000000; ++i)
131                     if (!/a/.exec("a"))
132                         err = true;
133             }
134
135         This is a 2.5x speedup on this example microbenchmark loop.
136
137         In a more advanced form of this optimization, we may be able to avoid allocating
138         the array where access to the array can be observed.
139
140         * create_hash_table:
141         * dfg/DFGAbstractState.cpp:
142         (JSC::DFG::AbstractState::execute):
143         * dfg/DFGByteCodeParser.cpp:
144         (JSC::DFG::ByteCodeParser::handleIntrinsic):
145         * dfg/DFGNode.h:
146         (JSC::DFG::Node::hasHeapPrediction):
147         * dfg/DFGNodeType.h:
148         (DFG):
149         * dfg/DFGOperations.cpp:
150         * dfg/DFGOperations.h:
151         * dfg/DFGPredictionPropagationPhase.cpp:
152         (JSC::DFG::PredictionPropagationPhase::propagate):
153         * dfg/DFGSpeculativeJIT.cpp:
154         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
155         (DFG):
156         * dfg/DFGSpeculativeJIT.h:
157         (JSC::DFG::SpeculativeJIT::callOperation):
158         * dfg/DFGSpeculativeJIT32_64.cpp:
159         (JSC::DFG::SpeculativeJIT::compile):
160         * dfg/DFGSpeculativeJIT64.cpp:
161         (JSC::DFG::SpeculativeJIT::compile):
162         * jsc.cpp:
163         (GlobalObject::addConstructableFunction):
164         * runtime/Intrinsic.h:
165         * runtime/JSFunction.cpp:
166         (JSC::JSFunction::create):
167         (JSC):
168         * runtime/JSFunction.h:
169         (JSFunction):
170         * runtime/Lookup.cpp:
171         (JSC::setUpStaticFunctionSlot):
172         * runtime/RegExpObject.cpp:
173         (JSC::RegExpObject::exec):
174         (JSC::RegExpObject::match):
175         * runtime/RegExpObject.h:
176         (RegExpObject):
177         * runtime/RegExpPrototype.cpp:
178         (JSC::regExpProtoFuncTest):
179         (JSC::regExpProtoFuncExec):
180
181 2012-03-16  Michael Saboff  <msaboff@apple.com>
182
183         Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
184         https://bugs.webkit.org/show_bug.cgi?id=81244
185
186         Rubber stamped by Filip Pizlo.
187
188         Changed type and name of JSGlobalData::m_isInitializingObject to
189         ClassInfo* and m_initializingObjectClass.
190         Changed JSGlobalData::setInitializingObject to
191         JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
192         the debugger to determine what type of object is being initialized.
193         
194         * runtime/JSCell.h:
195         (JSC::JSCell::finishCreation):
196         (JSC::allocateCell):
197         * runtime/JSGlobalData.cpp:
198         (JSC::JSGlobalData::JSGlobalData):
199         * runtime/JSGlobalData.h:
200         (JSGlobalData):
201         (JSC::JSGlobalData::isInitializingObject):
202         (JSC::JSGlobalData::setInitializingObjectClass):
203         * runtime/Structure.h:
204         (JSC::JSCell::finishCreation):
205
206 2012-03-16  Mark Rowe  <mrowe@apple.com>
207
208         Build fix. Do not preserve owner and group information when installing the WTF headers.
209
210         * JavaScriptCore.xcodeproj/project.pbxproj:
211
212 2012-03-15  David Dorwin  <ddorwin@chromium.org>
213
214         Make the array pointer parameters in the Typed Array create() methods const.
215         https://bugs.webkit.org/show_bug.cgi?id=81147
216
217         Reviewed by Kenneth Russell.
218
219         This allows const arrays to be passed to these methods.
220         They use PassRefPtr<Subclass> create(), which already has a const parameter.
221
222         * wtf/Int16Array.h:
223         (Int16Array):
224         (WTF::Int16Array::create):
225         * wtf/Int32Array.h:
226         (Int32Array):
227         (WTF::Int32Array::create):
228         * wtf/Int8Array.h:
229         (Int8Array):
230         (WTF::Int8Array::create):
231         * wtf/Uint16Array.h:
232         (Uint16Array):
233         (WTF::Uint16Array::create):
234         * wtf/Uint32Array.h:
235         (Uint32Array):
236         (WTF::Uint32Array::create):
237         * wtf/Uint8Array.h:
238         (Uint8Array):
239         (WTF::Uint8Array::create):
240         * wtf/Uint8ClampedArray.h:
241         (Uint8ClampedArray):
242         (WTF::Uint8ClampedArray::create):
243
244 2012-03-15  Myles Maxfield  <mmaxfield@google.com>
245
246         CopiedSpace::tryAllocateOversize assumes system page size
247         https://bugs.webkit.org/show_bug.cgi?id=80615
248
249         Reviewed by Geoffrey Garen.
250
251         * heap/CopiedSpace.cpp:
252         (JSC::CopiedSpace::tryAllocateOversize):
253         * heap/CopiedSpace.h:
254         (CopiedSpace):
255         * heap/CopiedSpaceInlineMethods.h:
256         (JSC::CopiedSpace::oversizeBlockFor):
257         * wtf/BumpPointerAllocator.h:
258         (WTF::BumpPointerPool::create):
259         * wtf/StdLibExtras.h:
260         (WTF::roundUpToMultipleOf):
261
262 2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
263
264         Fixing Windows build breakage
265
266         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
267
268 2012-03-15  Patrick Gansterer  <paroga@webkit.org>
269
270         [EFL] Make zlib a general build requirement
271         https://bugs.webkit.org/show_bug.cgi?id=80153
272
273         Reviewed by Hajime Morita.
274
275         After r109538 WebSocket module needs zlib to support deflate-frame extension.
276
277         * wtf/Platform.h:
278
279 2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
280
281         NumericStrings should be inlined
282         https://bugs.webkit.org/show_bug.cgi?id=81183
283
284         Reviewed by Gavin Barraclough.
285
286         NumericStrings is not always inlined. When it is not, the class is not faster
287         than using UString::number() directly.
288
289         * runtime/NumericStrings.h:
290         (JSC::NumericStrings::add):
291         (JSC::NumericStrings::lookupSmallString):
292
293 2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
294
295         Fix ARM build after r110792.
296
297         Unreviewed build fix.
298
299         * jit/ExecutableAllocator.h:
300         (JSC::ExecutableAllocator::cacheFlush):
301         Remove superfluous curly brackets.
302
303 2012-03-15  Gavin Barraclough  <barraclough@apple.com>
304
305         ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
306         https://bugs.webkit.org/show_bug.cgi?id=81256
307
308         Reviewed by Oliver Hunt.
309
310         This is a 0.5% sunspider progression.
311
312         * assembler/MacroAssemblerARMv7.h:
313         (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
314             - switch which form of vmov we use.
315
316 2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
317
318         [EFL] Add OwnPtr specialization for Ecore_Timer.
319         https://bugs.webkit.org/show_bug.cgi?id=80119
320
321         Reviewed by Hajime Morita.
322
323         Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
324
325         * wtf/OwnPtrCommon.h:
326         (WTF):
327         * wtf/efl/OwnPtrEfl.cpp:
328         (WTF::deleteOwnedPtr):
329         (WTF):
330
331 2012-03-15  Hojong Han  <hojong.han@samsung.com>
332
333         Linux has madvise enough to support OSAllocator::commit/decommit
334         https://bugs.webkit.org/show_bug.cgi?id=80505
335
336         Reviewed by Geoffrey Garen.
337
338         * wtf/OSAllocatorPosix.cpp:
339         (WTF::OSAllocator::reserveUncommitted):
340         (WTF::OSAllocator::commit):
341         (WTF::OSAllocator::decommit):
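
The reserve/commit/decommit contract behind this entry and the BlackBerry entry at the top of this log (mmap(PROT_NONE, MAP_LAZY) on QNX instead of posix_madvise), shown as an added example rather than WTF's OSAllocatorPosix.cpp. It assumes Linux with glibc, where MADV_DONTNEED on a private anonymous mapping really drops the pages; the os_* names and the decommit_discards_contents() check are this example's own. The point worth checking on any port is the one the QNX entry makes: a decommit that merely advises the kernel can leave the old contents readable, whereas a real decommit returns zero-filled pages on the next commit and faults on any stale pointer in between.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Reserve address space only: PROT_NONE pages have no backing store and any
   access faults, so a stale pointer into an uncommitted range cannot read or
   write anything. (Example code, not WTF::OSAllocator.) */
void* os_reserve_uncommitted(size_t bytes)
{
    void* p = mmap(NULL, bytes, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Commit: make the range accessible; Linux backs it lazily with zero pages. */
int os_commit(void* p, size_t bytes)
{
    return mprotect(p, bytes, PROT_READ | PROT_WRITE);
}

/* Decommit: MADV_DONTNEED on a private anonymous mapping discards the backing
   pages (the next touch gets fresh zero-filled ones), then PROT_NONE makes the
   range inaccessible again. A decommit that only "advises" without dropping
   pages would leave the old contents readable after recommit. */
int os_decommit(void* p, size_t bytes)
{
    if (madvise(p, bytes, MADV_DONTNEED) != 0)
        return -1;
    return mprotect(p, bytes, PROT_NONE);
}

/* Fill a committed range, decommit it, recommit it, and report whether the
   old contents are gone. Returns 1 if every byte reads back as zero, 0 if any
   stale byte survived, -1 on a system call failure. */
int decommit_discards_contents(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t bytes = 4 * page;
    unsigned char* p = os_reserve_uncommitted(bytes);
    if (!p)
        return -1;
    if (os_commit(p, bytes) != 0)
        return -1;
    memset(p, 0xAA, bytes);                 /* constructed "secret" contents */
    if (os_decommit(p, bytes) != 0)
        return -1;
    if (os_commit(p, bytes) != 0)
        return -1;
    int zeroed = 1;
    for (size_t i = 0; i < bytes; i++)
        if (p[i] != 0)
            zeroed = 0;
    munmap(p, bytes);
    return zeroed;
}
```

Touching the range between os_decommit() and os_commit() is a SIGSEGV by design; that is the property a JIT or GC heap wants from decommitted memory.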
342
343 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
344
345         Windows build fix.
346
347         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
348         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
349         * JavaScriptCore.vcproj/WTF/copy-files.cmd:
350         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
351
352 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
353
354         Windows build fix.
355
356         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
357
358 2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
359
360         Move wx port to using export macros
361         https://bugs.webkit.org/show_bug.cgi?id=77279
362
363         Reviewed by Hajime Morita.
364
365         * wscript:
366         * wtf/Platform.h:
367
368 2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
369
370         Avoid StringImpl::getData16SlowCase() when sorting array
371         https://bugs.webkit.org/show_bug.cgi?id=81070
372
373         Reviewed by Geoffrey Garen.
374
375         The function codePointCompare() is used intensively when sorting strings.
376         This patch improves its performance by:
377         -Avoiding character conversion.
378         -Inlining the function.
379
380         This makes Peacekeeper's arrayCombined test 30% faster.
381
382         * wtf/text/StringImpl.cpp:
383         * wtf/text/StringImpl.h:
384         (WTF):
385         (WTF::codePointCompare):
386         (WTF::codePointCompare8):
387         (WTF::codePointCompare16):
388         (WTF::codePointCompare8To16):
389
390 2012-03-14  Hojong Han  <hojong.han@samsung.com>
391
392         Fix memory allocation failed by fastmalloc
393         https://bugs.webkit.org/show_bug.cgi?id=79614
394
395         Reviewed by Geoffrey Garen.
396
397         Memory allocation failed even when the heap grew successfully.
398         It is wrong to get the span only from the large list after the heap grows,
399         because the new span could have been added to a normal list.
400
401         * wtf/FastMalloc.cpp:
402         (WTF::TCMalloc_PageHeap::New):
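
A reduced page heap that reproduces the failure described above and its fix, as an added example; it is not WTF/FastMalloc.cpp and the list layout, thresholds (kMaxPages, kMinGrowPages) and function names are constructed for the illustration. Spans of up to kMaxPages pages live in exact-size "normal" lists and bigger ones in a single "large" list; growing the heap pushes the new span into whichever list its size selects, so a retry that looks only at the large list misses a small growth and reports out-of-memory while free pages exist.

```c
#include <stddef.h>
#include <stdlib.h>

enum { kMaxPages = 128, kMinGrowPages = 16 };   /* constructed thresholds */

typedef struct Span {
    size_t pages;
    struct Span* next;
} Span;

/* Exact-size "normal" lists for spans of up to kMaxPages pages, and one
   "large" list for anything bigger (example code, not TCMalloc_PageHeap). */
static Span* normal_[kMaxPages + 1];
static Span* large_;

static void push_span(Span* s)
{
    Span** head = s->pages <= kMaxPages ? &normal_[s->pages] : &large_;
    s->next = *head;
    *head = s;
}

static Span* pop_from(Span** head)
{
    Span* s = *head;
    if (s)
        *head = s->next;
    return s;
}

static Span* search_large(size_t n)
{
    for (Span** pp = &large_; *pp; pp = &(*pp)->next)
        if ((*pp)->pages >= n)
            return pop_from(pp);
    return NULL;
}

/* Smallest fitting normal list first, then the large list. */
static Span* search_all(size_t n)
{
    for (size_t i = n; i <= kMaxPages; i++)
        if (normal_[i])
            return pop_from(&normal_[i]);
    return search_large(n);
}

/* Ask the system for more pages; the new span lands in whichever list its
   size selects, which for a small request is a normal list. */
static int grow_heap(size_t n)
{
    Span* s = malloc(sizeof *s);
    if (!s)
        return 0;
    s->pages = n < kMinGrowPages ? kMinGrowPages : n;
    push_span(s);
    return 1;
}

/* Flawed: after growing, only the large list is searched. */
Span* page_heap_new_flawed(size_t n)
{
    Span* s = search_all(n);
    if (s)
        return s;
    if (!grow_heap(n))
        return NULL;
    return search_large(n);
}

/* Corrected: after growing, repeat the full search. */
Span* page_heap_new_fixed(size_t n)
{
    Span* s = search_all(n);
    if (s)
        return s;
    if (!grow_heap(n))
        return NULL;
    return search_all(n);
}

/* Free everything so each demonstration starts from an empty heap. */
void page_heap_reset(void)
{
    for (size_t i = 0; i <= kMaxPages; i++)
        while (normal_[i])
            free(pop_from(&normal_[i]));
    while (large_)
        free(pop_from(&large_));
}

/* Returns 1 if a request of `pages` on an empty heap succeeds with the chosen
   allocator, 0 if it fails. */
int demo_request_after_grow(size_t pages, int use_fixed)
{
    page_heap_reset();
    Span* s = use_fixed ? page_heap_new_fixed(pages) : page_heap_new_flawed(pages);
    int ok = s != NULL;
    free(s);
    page_heap_reset();
    return ok;
}
```

A 4-page request on an empty heap grows it by 16 pages, which land in normal_[16]: the flawed allocator then fails, the fixed one succeeds. A 200-page request grows into the large list and both succeed, which is why the bug only shows up for small requests.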
403
404 2012-03-14  Hojong Han  <hojong.han@samsung.com>
405
406         Run cacheFlush page by page to assure of flushing all the requested ranges
407         https://bugs.webkit.org/show_bug.cgi?id=77712
408
409         Reviewed by Geoffrey Garen.
410
411         The current MetaAllocator design, which always coalesces adjacent free spaces,
412         does not match the memory management of the Linux kernel.
413         In certain cases the Linux kernel regards contiguous virtual memory areas not as one area but as two.
414         Therefore flushing the cache page by page guarantees that the whole requested range is flushed.
415
416         * jit/ExecutableAllocator.h:
417         (JSC::ExecutableAllocator::cacheFlush):
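
The page-by-page split the entry describes, as an added example; it is not JSC's ExecutableAllocator::cacheFlush. It assumes a POSIX sysconf page size and uses the gcc/clang __builtin___clear_cache builtin for the real flush (cacheflush on ARM Linux, a no-op on x86); the cache_flush_by_page name, the pluggable flush callback and the demo_split_three_pages() check are this example's own. The security angle is instruction-cache coherency for freshly written JIT code: if one flush call covers a range the kernel holds as two VMAs and only part of it is flushed, the CPU can execute stale bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>

typedef void (*FlushRangeFn)(void* begin, void* end);

/* Real flush: the compiler builtin maps to the platform's icache sync. */
void flush_icache_builtin(void* begin, void* end)
{
    __builtin___clear_cache((char*)begin, (char*)end);
}

/* Split [code, code + size) at page boundaries and flush each piece on its
   own, so a range the kernel sees as two VMAs is still fully flushed.
   Returns the number of flush calls made. (Example code, not JSC's.) */
size_t cache_flush_by_page(void* code, size_t size, FlushRangeFn flush)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uintptr_t cur = (uintptr_t)code;
    uintptr_t end = cur + size;
    size_t calls = 0;
    while (cur < end) {
        uintptr_t page_end = (cur & ~(uintptr_t)(page - 1)) + page;
        uintptr_t stop = page_end < end ? page_end : end;
        flush((void*)cur, (void*)stop);
        cur = stop;
        calls++;
    }
    return calls;
}

/* Production entry point: flush a JIT-written range with the real builtin. */
void cache_flush(void* code, size_t size)
{
    cache_flush_by_page(code, size, flush_icache_builtin);
}

/* Recording callback for the demonstration: checks that each piece stays
   inside one page and that the pieces are contiguous. */
static uintptr_t g_expected_next;
static int g_pieces_ok = 1;

static void record_piece(void* begin, void* end)
{
    uintptr_t b = (uintptr_t)begin, e = (uintptr_t)end;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (b != g_expected_next || e <= b || ((e - 1) / page) != (b / page))
        g_pieces_ok = 0;
    g_expected_next = e;
}

/* Constructed input: a range starting half a page in and two pages long,
   which touches three pages. Returns the number of pieces, or -1 if any piece
   crossed a page boundary or left a gap. The address is never dereferenced. */
int demo_split_three_pages(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = 16 * page + page / 2;
    g_expected_next = start;
    g_pieces_ok = 1;
    size_t n = cache_flush_by_page((void*)start, 2 * page, record_piece);
    return g_pieces_ok ? (int)n : -1;
}
```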
418
419 2012-03-14  Oliver Hunt  <oliver@apple.com>
420
421         Make ARMv7 work again
422         https://bugs.webkit.org/show_bug.cgi?id=81157
423
424         Reviewed by Geoffrey Garen.
425
426         We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
427         where the ARMv7MacroAssembler would also try to use dataRegister for its own
428         nefarious purposes.
429
430         * assembler/MacroAssembler.h:
431         (JSC::MacroAssembler::store32):
432         * assembler/MacroAssemblerARMv7.h:
433         (MacroAssemblerARMv7):
434
435 2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
436
437         Heap::destroy leaks CopiedSpace
438         https://bugs.webkit.org/show_bug.cgi?id=81055
439
440         Reviewed by Geoffrey Garen.
441
442         Added a destroy() function to CopiedSpace that moves all normal size 
443         CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
444         as well as deallocates all of the oversize blocks in the CopiedSpace. 
445         This function is now called in Heap::destroy().
446
447         * heap/CopiedSpace.cpp:
448         (JSC::CopiedSpace::destroy):
449         (JSC):
450         * heap/CopiedSpace.h:
451         (CopiedSpace):
452         * heap/Heap.cpp:
453         (JSC::Heap::destroy):
454
455 2012-03-14  Andrew Lo  <anlo@rim.com>
456
457         [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
458         https://bugs.webkit.org/show_bug.cgi?id=81000
459
460         Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
461
462         Reviewed by Antonio Gomes.
463
464         * wtf/Platform.h:
465
466 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
467
468         ValueToInt32 speculation will cause OSR exits even when it does not have to
469         https://bugs.webkit.org/show_bug.cgi?id=81068
470         <rdar://problem/11043926>
471
472         Reviewed by Anders Carlsson.
473         
474         Two related changes:
475         1) ValueToInt32 will now always just defer to the non-speculative path, instead
476            of exiting, if it doesn't know what speculations to perform.
477         2) ValueToInt32 will speculate boolean if it sees this to be profitable.
478
479         * dfg/DFGAbstractState.cpp:
480         (JSC::DFG::AbstractState::execute):
481         * dfg/DFGNode.h:
482         (JSC::DFG::Node::shouldSpeculateBoolean):
483         (Node):
484         * dfg/DFGSpeculativeJIT.cpp:
485         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
486
487 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
488
489         More Windows build fixing
490
491         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
492
493 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
494
495         Windows build fix
496
497         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
498
499 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
500
501         Type conversion of exponential part failed
502         https://bugs.webkit.org/show_bug.cgi?id=80673
503
504         Reviewed by Geoffrey Garen.
505
506         * parser/Lexer.cpp:
507         (JSC::::lex):
508         * runtime/JSGlobalObjectFunctions.cpp:
509         (JSC::parseInt):
510         (JSC):
511         (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
512         we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template 
513         parameter for strtod to allow trailing spaces.
514         (JSC::toDouble):
515         (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
516         * runtime/LiteralParser.cpp:
517         (JSC::::Lexer::lexNumber):
518         * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
519         we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
520         * wtf/dtoa.cpp:
521         (WTF):
522         (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
523         broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
524         * wtf/dtoa.h:
525         * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
526         Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
527         A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
528         here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
529         * wtf/text/WTFString.cpp:
530         (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
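
The three trailing-text policies this entry juggles (parseFloat accepts trailing junk per ECMA-262 15.1.2.3, strtod-style parsing tolerates trailing whitespace, and form-input conversion accepts nothing after the literal), shown as an added example rather than JSC's jsStrDecimalLiteral or WTF's strtod. The scanner, the TrailingPolicy enum and the parse_or_nan() wrapper are this example's own constructions; the literal is scanned first so libc strtod never sees the hex, "inf" or "nan" spellings that JS decimal parsing rejects, and an exponent marker without digits ("1e") is left outside the literal. The "Infinity" keyword that parseFloat also accepts is not handled here.

```c
#include <ctype.h>
#include <math.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* What may follow the numeric literal (example policy set, not WTF's flags). */
typedef enum {
    TRAILING_NONE,    /* nothing may follow (form input style)            */
    TRAILING_SPACES,  /* only whitespace may follow (strtod style)         */
    TRAILING_JUNK     /* anything may follow (ECMA-262 15.1.2.3 parseFloat)*/
} TrailingPolicy;

static int is_js_whitespace(unsigned char c)
{
    return c == ' ' || c == '\t' || c == '\v' || c == '\f' || c == '\r' || c == '\n';
}

/* Length of the longest StrDecimalLiteral prefix of s:
   [+-]? ( digits ( '.' digits? )? | '.' digits ) ( [eE] [+-]? digits )?
   "1e" scans as "1": an exponent marker without digits is not consumed. */
size_t scan_decimal_literal(const char* s)
{
    size_t i = 0, digits = 0;
    if (s[i] == '+' || s[i] == '-')
        i++;
    while (isdigit((unsigned char)s[i])) { i++; digits++; }
    if (s[i] == '.') {
        size_t j = i + 1, frac = 0;
        while (isdigit((unsigned char)s[j])) { j++; frac++; }
        if (digits || frac) { i = j; digits += frac; }
    }
    if (!digits)
        return 0;
    if (s[i] == 'e' || s[i] == 'E') {
        size_t j = i + 1, exp = 0;
        if (s[j] == '+' || s[j] == '-')
            j++;
        while (isdigit((unsigned char)s[j])) { j++; exp++; }
        if (exp)
            i = j;
    }
    return i;
}

/* Parse s under the given policy. Returns 1 and stores the value, or 0 when
   there is no literal or the trailing text violates the policy. Leading
   whitespace is always skipped, as parseFloat does. */
int parse_decimal(const char* s, TrailingPolicy policy, double* out)
{
    while (is_js_whitespace((unsigned char)*s))
        s++;
    size_t len = scan_decimal_literal(s);
    if (len == 0)
        return 0;
    char* literal = malloc(len + 1);       /* bounded copy: strtod sees only the literal */
    if (!literal)
        return 0;
    memcpy(literal, s, len);
    literal[len] = '\0';
    double v = strtod(literal, NULL);
    free(literal);

    const char* rest = s + len;
    if (policy == TRAILING_SPACES)
        while (is_js_whitespace((unsigned char)*rest))
            rest++;
    if (policy != TRAILING_JUNK && *rest != '\0')
        return 0;
    *out = v;
    return 1;
}

/* Convenience wrapper: NAN signals a rejected input. */
double parse_or_nan(const char* s, TrailingPolicy policy)
{
    double v;
    return parse_decimal(s, policy, &v) ? v : NAN;
}
```

"1e5abc" parses as 100000 under TRAILING_JUNK and is rejected under the two stricter policies; "0x10" is 0 for parseFloat semantics but rejected for form input, which is the kind of difference that makes a lenient parser the wrong choice for validation.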
531
532 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
533
534         Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
535         Removing the assert for now.
536
537         * dfg/DFGOperations.h:
538         * llint/LLIntSlowPaths.h:
539
540 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
541
542         Functions with C linkage should return POD types
543         https://bugs.webkit.org/show_bug.cgi?id=81061
544
545         Reviewed by Mark Rowe.
546
547         * dfg/DFGOperations.h:
548         * llint/LLIntSlowPaths.h:
549         (LLInt):
550         (SlowPathReturnType):
551         (JSC::LLInt::encodeResult):
552
553 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
554
555         Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
556         https://bugs.webkit.org/show_bug.cgi?id=80979
557         <rdar://problem/11036848>
558
559         Reviewed by Oliver Hunt.
560         
561         Also improved DFG IR dumping to include type information in a somewhat more
562         intuitive way.
563
564         * bytecode/PredictedType.cpp:
565         (JSC::predictionToAbbreviatedString):
566         (JSC):
567         * bytecode/PredictedType.h:
568         (JSC):
569         * dfg/DFGAbstractState.cpp:
570         (JSC::DFG::AbstractState::execute):
571         * dfg/DFGGraph.cpp:
572         (JSC::DFG::Graph::dump):
573         * dfg/DFGPredictionPropagationPhase.cpp:
574         (JSC::DFG::PredictionPropagationPhase::propagate):
575         * dfg/DFGSpeculativeJIT.cpp:
576         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
577         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
578         * dfg/DFGSpeculativeJIT.h:
579         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
580
581 2012-03-13  George Staikos  <staikos@webkit.org>
582
583         The callback is only used if SA_RESTART is defined.  Compile it out
584         otherwise to avoid a warning.
585         https://bugs.webkit.org/show_bug.cgi?id=80926
586
587         Reviewed by Alexey Proskuryakov.
588
589         * heap/MachineStackMarker.cpp:
590         (JSC):
591
592 2012-03-13  Hojong Han  <hojong.han@samsung.com>
593
594         Dump the generated code for ARM_TRADITIONAL
595         https://bugs.webkit.org/show_bug.cgi?id=80975
596
597         Reviewed by Gavin Barraclough.
598
599         * assembler/LinkBuffer.h:
600         (JSC::LinkBuffer::dumpCode):
601
602 2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
603
604         Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
605         https://bugs.webkit.org/show_bug.cgi?id=78853
606
607         Reviewed by Adam Barth.
608
609         * Configurations/FeatureDefines.xcconfig:
610         * wtf/Platform.h:
611
612 2012-03-13  Kwonjin Jeong  <gram@company100.net>
613
614         Remove SlotVisitor::copy() method.
615         https://bugs.webkit.org/show_bug.cgi?id=80973
616
617         Reviewed by Geoffrey Garen.
618
619         SlotVisitor::copy() method isn't called anywhere.
620
621         * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
622         * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
623
624 2012-03-12  Hojong Han  <hojong.han@samsung.com>
625
626         Fix test cases for RegExp multiline
627         https://bugs.webkit.org/show_bug.cgi?id=80822
628
629         Reviewed by Gavin Barraclough.
630
631         * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
632         * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
633         * tests/mozilla/js1_2/regexp/beginLine.js:
634         * tests/mozilla/js1_2/regexp/endLine.js:
635
636 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
637
638         Arithmetic use inference should be procedure-global and should run in tandem
639         with type propagation
640         https://bugs.webkit.org/show_bug.cgi?id=80819
641         <rdar://problem/11034006>
642
643         Reviewed by Gavin Barraclough.
644         
645         * CMakeLists.txt:
646         * GNUmakefile.list.am:
647         * JavaScriptCore.xcodeproj/project.pbxproj:
648         * Target.pri:
649         * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
650         * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
651         * dfg/DFGDriver.cpp:
652         (JSC::DFG::compile):
653         * dfg/DFGPredictionPropagationPhase.cpp:
654         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
655         (PredictionPropagationPhase):
656         (JSC::DFG::PredictionPropagationPhase::isNotZero):
657         (JSC::DFG::PredictionPropagationPhase::propagate):
658         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
659         * dfg/DFGVariableAccessData.h:
660         (JSC::DFG::VariableAccessData::VariableAccessData):
661         (JSC::DFG::VariableAccessData::flags):
662         (VariableAccessData):
663         (JSC::DFG::VariableAccessData::mergeFlags):
664
665 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
666
667         Node::op and Node::flags should be private
668         https://bugs.webkit.org/show_bug.cgi?id=80824
669         <rdar://problem/11033435>
670
671         Reviewed by Gavin Barraclough.
672
673         * CMakeLists.txt:
674         * GNUmakefile.list.am:
675         * JavaScriptCore.xcodeproj/project.pbxproj:
676         * Target.pri:
677         * dfg/DFGAbstractState.cpp:
678         (JSC::DFG::AbstractState::initialize):
679         (JSC::DFG::AbstractState::execute):
680         (JSC::DFG::AbstractState::mergeStateAtTail):
681         (JSC::DFG::AbstractState::mergeToSuccessors):
682         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
683         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
684         * dfg/DFGByteCodeParser.cpp:
685         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
686         (JSC::DFG::ByteCodeParser::getLocal):
687         (JSC::DFG::ByteCodeParser::getArgument):
688         (JSC::DFG::ByteCodeParser::flushArgument):
689         (JSC::DFG::ByteCodeParser::toInt32):
690         (JSC::DFG::ByteCodeParser::isJSConstant):
691         (JSC::DFG::ByteCodeParser::makeSafe):
692         (JSC::DFG::ByteCodeParser::makeDivSafe):
693         (JSC::DFG::ByteCodeParser::handleInlining):
694         (JSC::DFG::ByteCodeParser::parseBlock):
695         (JSC::DFG::ByteCodeParser::processPhiStack):
696         (JSC::DFG::ByteCodeParser::linkBlock):
697         * dfg/DFGCFAPhase.cpp:
698         (JSC::DFG::CFAPhase::performBlockCFA):
699         * dfg/DFGCSEPhase.cpp:
700         (JSC::DFG::CSEPhase::canonicalize):
701         (JSC::DFG::CSEPhase::endIndexForPureCSE):
702         (JSC::DFG::CSEPhase::pureCSE):
703         (JSC::DFG::CSEPhase::byValIsPure):
704         (JSC::DFG::CSEPhase::clobbersWorld):
705         (JSC::DFG::CSEPhase::impureCSE):
706         (JSC::DFG::CSEPhase::globalVarLoadElimination):
707         (JSC::DFG::CSEPhase::getByValLoadElimination):
708         (JSC::DFG::CSEPhase::checkFunctionElimination):
709         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
710         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
711         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
712         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
713         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
714         (JSC::DFG::CSEPhase::performNodeCSE):
715         * dfg/DFGGraph.cpp:
716         (JSC::DFG::Graph::dump):
717         (DFG):
718         * dfg/DFGGraph.h:
719         (JSC::DFG::Graph::addShouldSpeculateInteger):
720         (JSC::DFG::Graph::negateShouldSpeculateInteger):
721         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
722         * dfg/DFGNode.cpp: Removed.
723         * dfg/DFGNode.h:
724         (DFG):
725         (JSC::DFG::Node::Node):
726         (Node):
727         (JSC::DFG::Node::op):
728         (JSC::DFG::Node::flags):
729         (JSC::DFG::Node::setOp):
730         (JSC::DFG::Node::setFlags):
731         (JSC::DFG::Node::mergeFlags):
732         (JSC::DFG::Node::filterFlags):
733         (JSC::DFG::Node::clearFlags):
734         (JSC::DFG::Node::setOpAndDefaultFlags):
735         (JSC::DFG::Node::mustGenerate):
736         (JSC::DFG::Node::isConstant):
737         (JSC::DFG::Node::isWeakConstant):
738         (JSC::DFG::Node::valueOfJSConstant):
739         (JSC::DFG::Node::hasVariableAccessData):
740         (JSC::DFG::Node::hasIdentifier):
741         (JSC::DFG::Node::resolveGlobalDataIndex):
742         (JSC::DFG::Node::hasArithNodeFlags):
743         (JSC::DFG::Node::arithNodeFlags):
744         (JSC::DFG::Node::setArithNodeFlag):
745         (JSC::DFG::Node::mergeArithNodeFlags):
746         (JSC::DFG::Node::hasConstantBuffer):
747         (JSC::DFG::Node::hasRegexpIndex):
748         (JSC::DFG::Node::hasVarNumber):
749         (JSC::DFG::Node::hasScopeChainDepth):
750         (JSC::DFG::Node::hasResult):
751         (JSC::DFG::Node::hasInt32Result):
752         (JSC::DFG::Node::hasNumberResult):
753         (JSC::DFG::Node::hasJSResult):
754         (JSC::DFG::Node::hasBooleanResult):
755         (JSC::DFG::Node::isJump):
756         (JSC::DFG::Node::isBranch):
757         (JSC::DFG::Node::isTerminal):
758         (JSC::DFG::Node::hasHeapPrediction):
759         (JSC::DFG::Node::hasFunctionCheckData):
760         (JSC::DFG::Node::hasStructureTransitionData):
761         (JSC::DFG::Node::hasStructureSet):
762         (JSC::DFG::Node::hasStorageAccessData):
763         (JSC::DFG::Node::hasFunctionDeclIndex):
764         (JSC::DFG::Node::hasFunctionExprIndex):
765         (JSC::DFG::Node::child1):
766         (JSC::DFG::Node::child2):
767         (JSC::DFG::Node::child3):
768         (JSC::DFG::Node::firstChild):
769         (JSC::DFG::Node::numChildren):
770         * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
771         * dfg/DFGNodeFlags.h: Added.
772         (DFG):
773         (JSC::DFG::nodeUsedAsNumber):
774         (JSC::DFG::nodeCanTruncateInteger):
775         (JSC::DFG::nodeCanIgnoreNegativeZero):
776         (JSC::DFG::nodeMayOverflow):
777         (JSC::DFG::nodeCanSpeculateInteger):
778         * dfg/DFGNodeType.h: Added.
779         (DFG):
780         (JSC::DFG::defaultFlags):
781         * dfg/DFGPredictionPropagationPhase.cpp:
782         (JSC::DFG::PredictionPropagationPhase::propagate):
783         (JSC::DFG::PredictionPropagationPhase::vote):
784         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
785         (JSC::DFG::PredictionPropagationPhase::fixupNode):
786         * dfg/DFGRedundantPhiEliminationPhase.cpp:
787         (JSC::DFG::RedundantPhiEliminationPhase::run):
788         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
789         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
790         * dfg/DFGSpeculativeJIT.cpp:
791         (JSC::DFG::SpeculativeJIT::useChildren):
792         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
793         (JSC::DFG::SpeculativeJIT::compileMovHint):
794         (JSC::DFG::SpeculativeJIT::compile):
795         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
796         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
797         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
798         (JSC::DFG::SpeculativeJIT::compileAdd):
799         (JSC::DFG::SpeculativeJIT::compare):
800         * dfg/DFGSpeculativeJIT.h:
801         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
802         * dfg/DFGSpeculativeJIT32_64.cpp:
803         (JSC::DFG::SpeculativeJIT::emitCall):
804         (JSC::DFG::SpeculativeJIT::compile):
805         * dfg/DFGSpeculativeJIT64.cpp:
806         (JSC::DFG::SpeculativeJIT::emitCall):
807         (JSC::DFG::SpeculativeJIT::compile):
808         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
809         (JSC::DFG::VirtualRegisterAllocationPhase::run):
810
811 2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
812
813         Minor DataLog fixes
814         https://bugs.webkit.org/show_bug.cgi?id=80826
815
816         Reviewed by Andreas Kling.
817
818         * bytecode/ExecutionCounter.cpp:
819         Do not include DataLog.h, it is not used.
820         
821         * jit/ExecutableAllocator.cpp:
822         Ditto.
823
824         * wtf/DataLog.cpp:
825         (WTF::initializeLogFileOnce):
826         Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
827
828         * wtf/HashTable.cpp:
829         Include DataLog as it is used.
830
831 2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
832
833         Integer overflow check code in arithmetic operation in classic interpreter
834         https://bugs.webkit.org/show_bug.cgi?id=80465
835
836         Reviewed by Gavin Barraclough.
837
838         * interpreter/Interpreter.cpp:
839         (JSC::Interpreter::privateExecute):
840
841 2012-03-12  Zeno Albisser  <zeno@webkit.org>
842
843         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
844         https://bugs.webkit.org/show_bug.cgi?id=80827
845
846         Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
847
848         Reviewed by Simon Hausmann.
849
850         * wtf/Platform.h:
851
852 2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
853
854         Unreviewed prospective Qt/Mac build fix
855
856         * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
857         whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
858         constructor.
859
860 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
861
862         All DFG nodes should have a mutable set of flags
863         https://bugs.webkit.org/show_bug.cgi?id=80779
864         <rdar://problem/11026218>
865
866         Reviewed by Gavin Barraclough.
867         
868         Got rid of NodeId, and placed all of the flags that distinguished NodeId
869         from NodeType into a separate Node::flags field. Combined what was previously
870         ArithNodeFlags into Node::flags.
871         
872         In the process of debugging, I found that the debug support in the virtual
873         register allocator was lacking, so I improved it. I also realized that the
874         virtual register allocator was assuming that the nodes in a basic block were
875         contiguous, which is no longer the case. So I fixed that. The fix also made
876         it natural to have more extreme assertions, so I added them. I suspect this
877         will make it easier to catch virtual register allocation bugs in the future.
878         
879         This is mostly performance neutral; if anything it looks like a slight
880         speed-up.
881         
882         This patch does leave some work for future refactorings; for example, Node::op
883         is unencapsulated. This was already the case, though now it feels even more
884         like it should be. I avoided doing that because this patch has already grown
885         way bigger than I wanted.
886         
887         Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
888         move some unnecessarily inline stuff out of DFGNode.h.
889
890         * CMakeLists.txt:
891         * GNUmakefile.list.am:
892         * JavaScriptCore.xcodeproj/project.pbxproj:
893         * Target.pri:
894         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
895         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
896         * dfg/DFGByteCodeParser.cpp:
897         (JSC::DFG::ByteCodeParser::addToGraph):
898         (JSC::DFG::ByteCodeParser::makeSafe):
899         (JSC::DFG::ByteCodeParser::makeDivSafe):
900         (JSC::DFG::ByteCodeParser::handleMinMax):
901         (JSC::DFG::ByteCodeParser::handleIntrinsic):
902         (JSC::DFG::ByteCodeParser::parseBlock):
903         * dfg/DFGCFAPhase.cpp:
904         (JSC::DFG::CFAPhase::performBlockCFA):
905         * dfg/DFGCSEPhase.cpp:
906         (JSC::DFG::CSEPhase::endIndexForPureCSE):
907         (JSC::DFG::CSEPhase::pureCSE):
908         (JSC::DFG::CSEPhase::clobbersWorld):
909         (JSC::DFG::CSEPhase::impureCSE):
910         (JSC::DFG::CSEPhase::setReplacement):
911         (JSC::DFG::CSEPhase::eliminate):
912         (JSC::DFG::CSEPhase::performNodeCSE):
913         (JSC::DFG::CSEPhase::performBlockCSE):
914         (CSEPhase):
915         * dfg/DFGGraph.cpp:
916         (JSC::DFG::Graph::opName):
917         (JSC::DFG::Graph::dump):
918         (DFG):
919         * dfg/DFGNode.cpp: Added.
920         (DFG):
921         (JSC::DFG::arithNodeFlagsAsString):
922         * dfg/DFGNode.h:
923         (DFG):
924         (JSC::DFG::nodeUsedAsNumber):
925         (JSC::DFG::nodeCanTruncateInteger):
926         (JSC::DFG::nodeCanIgnoreNegativeZero):
927         (JSC::DFG::nodeMayOverflow):
928         (JSC::DFG::nodeCanSpeculateInteger):
929         (JSC::DFG::defaultFlags):
930         (JSC::DFG::Node::Node):
931         (Node):
932         (JSC::DFG::Node::setOpAndDefaultFlags):
933         (JSC::DFG::Node::mustGenerate):
934         (JSC::DFG::Node::arithNodeFlags):
935         (JSC::DFG::Node::setArithNodeFlag):
936         (JSC::DFG::Node::mergeArithNodeFlags):
937         (JSC::DFG::Node::hasResult):
938         (JSC::DFG::Node::hasInt32Result):
939         (JSC::DFG::Node::hasNumberResult):
940         (JSC::DFG::Node::hasJSResult):
941         (JSC::DFG::Node::hasBooleanResult):
942         (JSC::DFG::Node::isJump):
943         (JSC::DFG::Node::isBranch):
944         (JSC::DFG::Node::isTerminal):
945         (JSC::DFG::Node::child1):
946         (JSC::DFG::Node::child2):
947         (JSC::DFG::Node::child3):
948         (JSC::DFG::Node::firstChild):
949         (JSC::DFG::Node::numChildren):
950         * dfg/DFGPredictionPropagationPhase.cpp:
951         (JSC::DFG::PredictionPropagationPhase::propagate):
952         (JSC::DFG::PredictionPropagationPhase::vote):
953         (JSC::DFG::PredictionPropagationPhase::fixupNode):
954         * dfg/DFGScoreBoard.h:
955         (ScoreBoard):
956         (JSC::DFG::ScoreBoard::~ScoreBoard):
957         (JSC::DFG::ScoreBoard::assertClear):
958         (JSC::DFG::ScoreBoard::use):
959         * dfg/DFGSpeculativeJIT.cpp:
960         (JSC::DFG::SpeculativeJIT::useChildren):
961         * dfg/DFGSpeculativeJIT32_64.cpp:
962         (JSC::DFG::SpeculativeJIT::compile):
963         * dfg/DFGSpeculativeJIT64.cpp:
964         (JSC::DFG::SpeculativeJIT::compile):
965         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
966         (JSC::DFG::VirtualRegisterAllocationPhase::run):
967
968 2012-03-10  Filip Pizlo  <fpizlo@apple.com>
969
970         LLInt should support JSVALUE64
971         https://bugs.webkit.org/show_bug.cgi?id=79609
972         <rdar://problem/10063437>
973
974         Reviewed by Gavin Barraclough and Oliver Hunt.
975         
976         Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
977         patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
978         file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
979         specialized for value representation.
980         
981         Also made some minor changes to offlineasm and the slow-paths.
982
983         * llint/LLIntData.cpp:
984         (JSC::LLInt::Data::performAssertions):
985         * llint/LLIntEntrypoints.cpp:
986         * llint/LLIntSlowPaths.cpp:
987         (LLInt):
988         (JSC::LLInt::llint_trace_value):
989         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
990         (JSC::LLInt::jitCompileAndSetHeuristics):
991         * llint/LLIntSlowPaths.h:
992         (LLInt):
993         (SlowPathReturnType):
994         (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
995         (JSC::LLInt::encodeResult):
996         * llint/LLIntThunks.cpp:
997         * llint/LowLevelInterpreter.asm:
998         * llint/LowLevelInterpreter32_64.asm:
999         * llint/LowLevelInterpreter64.asm:
1000         * offlineasm/armv7.rb:
1001         * offlineasm/asm.rb:
1002         * offlineasm/ast.rb:
1003         * offlineasm/backends.rb:
1004         * offlineasm/instructions.rb:
1005         * offlineasm/parser.rb:
1006         * offlineasm/registers.rb:
1007         * offlineasm/transform.rb:
1008         * offlineasm/x86.rb:
1009         * wtf/Platform.h:
1010
1011 2012-03-10  Yong Li  <yoli@rim.com>
1012
1013         Web Worker crashes with WX_EXCLUSIVE
1014         https://bugs.webkit.org/show_bug.cgi?id=80532
1015
1016         Let each JS global object own a meta allocator
1017         for WX_EXCLUSIVE to avoid conflicts from Web Worker.
1018         Also fix a mutex leak in MetaAllocator's dtor.
1019
1020         Reviewed by Filip Pizlo.
1021
1022         * jit/ExecutableAllocator.cpp:
1023         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
1024         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
1025         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
1026         (DemandExecutableAllocator):
1027         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
1028         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
1029         (JSC::DemandExecutableAllocator::allocateNewSpace):
1030         (JSC::DemandExecutableAllocator::allocators):
1031         (JSC::DemandExecutableAllocator::allocatorsMutex):
1032         (JSC):
1033         (JSC::ExecutableAllocator::initializeAllocator):
1034         (JSC::ExecutableAllocator::ExecutableAllocator):
1035         (JSC::ExecutableAllocator::underMemoryPressure):
1036         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1037         (JSC::ExecutableAllocator::allocate):
1038         (JSC::ExecutableAllocator::committedByteCount):
1039         (JSC::ExecutableAllocator::dumpProfile):
1040         * jit/ExecutableAllocator.h:
1041         (JSC):
1042         (ExecutableAllocator):
1043         (JSC::ExecutableAllocator::allocator):
1044         * wtf/MetaAllocator.h:
1045         (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
1046         * wtf/TCSpinLock.h:
1047         (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
1048
1049 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
1050
1051         Object.freeze broken on latest Nightly
1052         https://bugs.webkit.org/show_bug.cgi?id=80577
1053
1054         Reviewed by Oliver Hunt.
1055
1056         The problem here is that deleteProperty rejects deletion of prototype.
1057         This is correct in most cases; however, defineOwnProperty is presently
1058         implemented internally to ensure the attributes change by deleting the
1059         old property, and creating a new one.
1060
1061         * runtime/JSFunction.cpp:
1062         (JSC::JSFunction::deleteProperty):
1063             - If deleteProperty is called via defineOwnProperty, allow old prototype to be removed.
1064
1065 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
1066
1067         Array.prototype.toLocaleString visits elements in wrong order under certain conditions
1068         https://bugs.webkit.org/show_bug.cgi?id=80663
1069
1070         Reviewed by Michael Saboff.
1071
1072         The bug here is actually that we're continuing to process the array after an exception
1073         has been thrown, and that the second value thrown is overriding the first.
1074
1075         * runtime/ArrayPrototype.cpp:
1076         (JSC::arrayProtoFuncToLocaleString):
1077
1078 2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
1079
1080         WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
1081         https://bugs.webkit.org/show_bug.cgi?id=80080
1082
1083         Reviewed by Filip Pizlo.
1084
1085         * bytecode/SamplingTool.cpp:
1086         (JSC::SamplingRegion::Locker::Locker):
1087         (JSC::SamplingRegion::Locker::~Locker):
1088         * bytecode/SamplingTool.h:
1089         (JSC::SamplingRegion::exchangeCurrent):
1090         * wtf/Atomics.h:
1091         (WTF):
1092         (WTF::weakCompareAndSwap):
1093         (WTF::weakCompareAndSwapUIntPtr):
1094
1095 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
1096
1097         REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
1098         https://bugs.webkit.org/show_bug.cgi?id=49989
1099
1100         Reviewed by Oliver Hunt.
1101
1102         Patch originally by Chris Reiss <christopher.reiss@nokia.com>,
1103         allow the year to appear before the timezone in date strings.
1104
1105         * wtf/DateMath.cpp:
1106         (WTF::parseDateFromNullTerminatedCharacters):
1107
1108 2012-03-09  Mark Rowe  <mrowe@apple.com>
1109
1110         Ensure that the WTF headers are copied at installhdrs time.
1111
1112         Reviewed by Dan Bernstein and Jessie Berlin.
1113
1114         * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
1115         so that our script phases are invoked at installhdrs time. The only one that
1116         does any useful work at that time is the one that installs WTF headers.
1117
1118 2012-03-09  Jon Lee  <jonlee@apple.com>
1119
1120         Add support for ENABLE(LEGACY_NOTIFICATIONS)
1121         https://bugs.webkit.org/show_bug.cgi?id=80497
1122
1123         Reviewed by Adam Barth.
1124
1125         Prep for b80472: Update API for Web Notifications
1126         * Configurations/FeatureDefines.xcconfig:
1127
1128 2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
1129
1130         Bash scripts should support LF endings only
1131         https://bugs.webkit.org/show_bug.cgi?id=79509
1132
1133         Reviewed by David Kilzer.
1134
1135         * gyp/generate-derived-sources.sh: Added property svn:eol-style.
1136         * gyp/run-if-exists.sh: Added property svn:eol-style.
1137         * gyp/update-info-plist.sh: Added property svn:eol-style.
1138
1139 2012-03-09  Jessie Berlin  <jberlin@apple.com>
1140
1141         Windows debug build fix.
1142
1143         * assembler/MacroAssembler.h:
1144         (JSC::MacroAssembler::shouldBlind):
1145         Fix unreachable code warnings (which we treat as errors).
1146
1147 2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
1148
1149         Reviewed by Zoltan Herczeg.
1150
1151         [Qt] Fix the SH4 build after r109834
1152         https://bugs.webkit.org/show_bug.cgi?id=80492
1153
1154         * assembler/MacroAssemblerSH4.h:
1155         (JSC::MacroAssemblerSH4::branchAdd32):
1156         (JSC::MacroAssemblerSH4::branchSub32):
1157
1158 2012-03-09  Andy Wingo  <wingo@igalia.com>
1159
1160         Refactor code feature analysis in the parser
1161         https://bugs.webkit.org/show_bug.cgi?id=79112
1162
1163         Reviewed by Geoffrey Garen.
1164
1165         This commit refactors the parser to more uniformly propagate flag
1166         bits down and up the parse process, as the parser descends and
1167         returns into nested blocks.  Some flags get passed down to
1168         subscopes, some apply to specific scopes only, and some get
1169         unioned up after parsing subscopes.
1170
1171         The goal is to eventually be very precise with scoping
1172         information, once we have block scopes: one block scope might use
1173         `eval', which would require the emission of a symbol table within
1174         that block and containing blocks, whereas another block in the
1175         same function might not, allowing us to not emit a symbol table.
1176
1177         * parser/Nodes.h:
1178         (JSC::ScopeFlags): Rename from CodeFeatures.
1179         (JSC::ScopeNode::addScopeFlags):
1180         (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
1181         (JSC::ScopeNode::isStrictMode):
1182         (JSC::ScopeNode::usesEval):
1183         (JSC::ScopeNode::usesArguments):
1184         (JSC::ScopeNode::setUsesArguments):
1185         (JSC::ScopeNode::usesThis):
1186         (JSC::ScopeNode::needsActivationForMoreThanVariables):
1187         (JSC::ScopeNode::needsActivation): Refactor these accessors to
1188         operate on the m_scopeFlags member.
1189         (JSC::ScopeNode::source):
1190         (JSC::ScopeNode::sourceURL):
1191         (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
1192         semantic change.
1193         (JSC::ScopeNode::ScopeNode)
1194         (JSC::ProgramNode::ProgramNode)
1195         (JSC::EvalNode::EvalNode)
1196         (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
1197         take a ScopeFlags as an argument, instead of a bool inStrictContext.
1198
1199         * parser/Nodes.cpp:
1200         (JSC::ScopeNode::ScopeNode):
1201         (JSC::ProgramNode::ProgramNode):
1202         (JSC::ProgramNode::create):
1203         (JSC::EvalNode::EvalNode):
1204         (JSC::EvalNode::create):
1205         (JSC::FunctionBodyNode::FunctionBodyNode):
1206         (JSC::FunctionBodyNode::create): Adapt constructors to change.
1207
1208         * parser/ASTBuilder.h:
1209         (JSC::ASTBuilder::ASTBuilder):
1210         (JSC::ASTBuilder::thisExpr):
1211         (JSC::ASTBuilder::createResolve):
1212         (JSC::ASTBuilder::createFunctionBody):
1213         (JSC::ASTBuilder::createFuncDeclStatement):
1214         (JSC::ASTBuilder::createTryStatement):
1215         (JSC::ASTBuilder::createWithStatement):
1216         (JSC::ASTBuilder::addVar):
1217         (JSC::ASTBuilder::Scope::Scope):
1218         (Scope):
1219         (ASTBuilder):
1220         (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
1221         features here.  Instead rely on the base Parser mechanism to track
1222         features.
1223
1224         * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
1225
1226         * parser/Parser.h:
1227         (JSC::Scope::Scope): Manage scope through flags, not
1228         bit-booleans.  This lets us uniformly propagate them up and down.
1229         (JSC::Scope::declareWrite):
1230         (JSC::Scope::declareParameter):
1231         (JSC::Scope::useVariable):
1232         (JSC::Scope::collectFreeVariables):
1233         (JSC::Scope::getCapturedVariables):
1234         (JSC::Scope::saveFunctionInfo):
1235         (JSC::Scope::restoreFunctionInfo):
1236         (JSC::Parser::pushScope): Adapt to use scope flags and their
1237         accessors instead of bit-booleans.
1238         * parser/Parser.cpp:
1239         (JSC::::Parser):
1240         (JSC::::parseInner):
1241         (JSC::::didFinishParsing):
1242         (JSC::::parseSourceElements):
1243         (JSC::::parseVarDeclarationList):
1244         (JSC::::parseConstDeclarationList):
1245         (JSC::::parseWithStatement):
1246         (JSC::::parseTryStatement):
1247         (JSC::::parseFunctionBody):
1248         (JSC::::parseFunctionInfo):
1249         (JSC::::parseFunctionDeclaration):
1250         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
1251         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
1252         Does not seem to have a performance impact.
1253
1254         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
1255         Cache the scopeflags.
1256         * parser/SyntaxChecker.h: Remove evalCount() decl.
1257
1258         * runtime/Executable.cpp:
1259         (JSC::EvalExecutable::compileInternal):
1260         (JSC::ProgramExecutable::compileInternal):
1261         (JSC::FunctionExecutable::produceCodeBlockFor):
1262         * runtime/Executable.h:
1263         (JSC::ScriptExecutable::ScriptExecutable):
1264         (JSC::ScriptExecutable::usesEval):
1265         (JSC::ScriptExecutable::usesArguments):
1266         (JSC::ScriptExecutable::needsActivation):
1267         (JSC::ScriptExecutable::isStrictMode):
1268         (JSC::ScriptExecutable::recordParse):
1269         (ScriptExecutable): ScopeFlags, not features.
1270
1271 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
1272
1273         Build fix for MSVC after r110266
1274
1275         Unreviewed. A #ifdef for MSVC was left over in r110266.
1276
1277         * runtime/RegExpObject.h:
1278         (RegExpObject):
1279
1280 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
1281
1282         Allocate the RegExpObject's data with the Cell
1283         https://bugs.webkit.org/show_bug.cgi?id=80654
1284
1285         Reviewed by Gavin Barraclough.
1286
1287         This patch removes the creation of RegExpObject's data to avoid the overhead
1288         created by the allocation and destruction.
1289
1290         As RegExps are created repeatedly, this provides some performance improvement.
1291         The PeaceKeeper test stringDetectBrowser improves by 10%.
1292
1293         * runtime/RegExpObject.cpp:
1294         (JSC::RegExpObject::RegExpObject):
1295         (JSC::RegExpObject::visitChildren):
1296         (JSC::RegExpObject::getOwnPropertyDescriptor):
1297         (JSC::RegExpObject::defineOwnProperty):
1298         (JSC::RegExpObject::match):
1299         * runtime/RegExpObject.h:
1300         (JSC::RegExpObject::setRegExp):
1301         (JSC::RegExpObject::regExp):
1302         (JSC::RegExpObject::setLastIndex):
1303         (JSC::RegExpObject::getLastIndex):
1304         (RegExpObject):
1305
1306 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
1307
1308         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
1309         https://bugs.webkit.org/show_bug.cgi?id=80657
1310         
1311         Preparation for WTF separation from JavaScriptCore.
1312         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
1313         dependencies for generated files.
1314         
1315         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
1316         versions of the WTF code independent of the JavaScriptCore code.
1317
1318         Reviewed by Jessie Berlin.
1319
1320         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
1321         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
1322         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
1323         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
1324         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
1325         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
1326         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
1327         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
1328         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
1329         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
1330         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
1331         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
1332         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
1333         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
1334         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
1335         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
1336         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
1337         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
1338         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
1339         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
1340         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
1341
1342 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
1343
1344         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
1345         https://bugs.webkit.org/show_bug.cgi?id=80652
1346
1347         Reviewed by Eric Seidel.
1348
1349         Fix the header, URLSegments.h is not part of the API.
1350
1351         * wtf/url/api/ParsedURL.h:
1352
1353 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
1354
1355         Mac build fix for micro data API.
1356
1357         * Configurations/FeatureDefines.xcconfig:
1358
1359 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
1360
1361         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
1362         https://bugs.webkit.org/show_bug.cgi?id=26890
1363
1364         Reviewed by Oliver Hunt.
1365
1366         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
1367
1368         * runtime/StringPrototype.cpp:
1369         (JSC::replaceUsingRegExpSearch):
1370         (JSC::stringProtoFuncMatch):
1371             - added calls to setLastIndex.
1372
1373 2012-03-08  Matt Lilek  <mrl@apple.com>
1374
1375         Don't enable VIDEO_TRACK on all OS X platforms
1376         https://bugs.webkit.org/show_bug.cgi?id=80635
1377
1378         Reviewed by Eric Carlson.
1379
1380         * Configurations/FeatureDefines.xcconfig:
1381
1382 2012-03-08  Oliver Hunt  <oliver@apple.com>
1383
1384         Build fix.  That day is not today.
1385
1386         * assembler/MacroAssembler.h:
1387         (JSC::MacroAssembler::shouldBlind):
1388         * assembler/MacroAssemblerX86Common.h:
1389         (MacroAssemblerX86Common):
1390         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
1391
1392 2012-03-08  Oliver Hunt  <oliver@apple.com>
1393
1394         Build fix. One of these days I'll manage to commit something that works everywhere.
1395
1396         * assembler/AbstractMacroAssembler.h:
1397         (AbstractMacroAssembler):
1398         * assembler/MacroAssemblerARMv7.h:
1399         (MacroAssemblerARMv7):
1400         * assembler/MacroAssemblerX86Common.h:
1401         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
1402         (MacroAssemblerX86Common):
1403
1404 2012-03-08  Chao-ying Fu  <fu@mips.com>
1405
1406         Update MIPS patchOffsetGetByIdSlowCaseCall
1407         https://bugs.webkit.org/show_bug.cgi?id=80302
1408
1409         Reviewed by Oliver Hunt.
1410
1411         * jit/JIT.h:
1412         (JIT):
1413
1414 2012-03-08  Oliver Hunt  <oliver@apple.com>
1415
1416         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
1417         https://bugs.webkit.org/show_bug.cgi?id=80633
1418
1419         Reviewed by Gavin Barraclough.
1420
1421         Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
1422         if there isn't a machine specific implementation (otherwise the 64bit value
1423         got truncated and 32bit checks were used -- leaving 32bits untested).
1424         Also add a bit of logic to ensure that we don't try to blind a few common
1425         constants that go through the ImmPtr paths -- encoded numeric JSValues and
1426         unencoded doubles with common "safe" values.
1427
1428         * assembler/AbstractMacroAssembler.h:
1429         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
1430         * assembler/MacroAssembler.h:
1431         (JSC::MacroAssembler::shouldBlindDouble):
1432         (MacroAssembler):
1433         (JSC::MacroAssembler::shouldBlind):
1434         * assembler/MacroAssemblerX86Common.h:
1435         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
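
The 64-bit truncation this entry describes, shown as an added, illustrative C++ model (this is not JavaScriptCore's own code): with only a 32-bit architecture hook available, a 64-bit immediate is narrowed before the blinding decision, so its upper half is never examined, whereas a 64-bit trap overload that always blinds closes the gap. The threshold in the 32-bit hook, the small-value "safe" list, the fixed key and the placeholder opcode bytes are assumptions of the model.

```cpp
// Added illustrative model of the constant-blinding decision (not WebKit code).
// A JIT "blinds" an immediate by emitting (value ^ key) plus a run-time XOR with
// key, so an attacker-chosen constant never sits verbatim in executable memory.
#include <cstdint>
#include <cstring>
#include <vector>

namespace blinding_model {

// Architecture hook as it existed before the fix: only a 32-bit overload.
// Assumed rule: values that fill all four bytes are worth blinding.
inline bool shouldBlindForSpecificArch(uint32_t value)
{
    return value >= 0x00ffffffu;
}

// BEFORE: a 64-bit immediate reaches the decision, but the only overload takes
// uint32_t. The cast below spells out the narrowing the implicit conversion
// performed: bits 32..63 are dropped and never checked.
inline bool shouldBlindBefore(uint64_t imm)
{
    return shouldBlindForSpecificArch(static_cast<uint32_t>(imm));
}

// AFTER: a 64-bit "trap" overload that always blinds when no architecture has
// supplied a real 64-bit rule, so the generic path can no longer truncate.
inline bool shouldBlindForSpecificArch(uint64_t)
{
    return true;
}

inline bool shouldBlindAfter(uint64_t imm)
{
    // Skip a few common "safe" constants for performance (assumed set: tiny
    // values). The real code also exempts encoded numeric JSValues and some
    // common doubles; those exemptions are outside this model.
    if (imm <= 0xff)
        return false;
    return shouldBlindForSpecificArch(imm); // exact match: uint64_t overload
}

// Emitted form of a (possibly blinded) 64-bit load. Opcode bytes are
// placeholders; what matters is which immediates land in the code stream.
struct CodeStream { std::vector<uint8_t> bytes; };

inline void emitImm64(CodeStream& cs, uint64_t v)
{
    for (int i = 0; i < 8; ++i)
        cs.bytes.push_back(static_cast<uint8_t>(v >> (8 * i))); // little-endian
}

inline void emitLoadImmediate(CodeStream& cs, uint64_t value, uint64_t key, bool blind)
{
    cs.bytes.push_back(0xB8);               // placeholder "mov reg, imm64"
    emitImm64(cs, blind ? (value ^ key) : value);
    if (blind) {
        cs.bytes.push_back(0x33);           // placeholder "xor reg, imm64"
        emitImm64(cs, key);
    }
}

// Does the raw little-endian encoding of `value` appear anywhere in the code?
inline bool containsRawImmediate(const CodeStream& cs, uint64_t value)
{
    uint8_t raw[8];
    for (int i = 0; i < 8; ++i)
        raw[i] = static_cast<uint8_t>(value >> (8 * i));
    for (size_t i = 0; i + 8 <= cs.bytes.size(); ++i) {
        if (std::memcmp(&cs.bytes[i], raw, 8) == 0)
            return true;
    }
    return false;
}

// Constructed sample: the low 32 bits look harmless (0x42) while the upper 32
// bits carry an arbitrary pattern. The key is fixed here for determinism; a
// real JIT draws a fresh random key for each blinded constant.
constexpr uint64_t kSampleImm = 0x9090909000000042ull;
constexpr uint64_t kSampleKey = 0x5a5a5a5a5a5a5a5aull;

// Run decision plus emission and report whether the raw constant leaked into
// the code stream. useFixedDecision selects the before/after decision logic.
inline bool rawImmediateLeaks(uint64_t imm, bool useFixedDecision)
{
    bool blind = useFixedDecision ? shouldBlindAfter(imm) : shouldBlindBefore(imm);
    CodeStream cs;
    emitLoadImmediate(cs, imm, kSampleKey, blind);
    return containsRawImmediate(cs, imm);
}

} // namespace blinding_model
```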
1436
1437 2012-03-08  Mark Rowe  <mrowe@apple.com>
1438
1439         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
1440
1441         Reviewed by Dan Bernstein.
1442
1443         * Configurations/Base.xcconfig:
1444
1445 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
1446
1447         Fix line endings for copy-files.cmd.
1448         
1449         If a cmd file doesn't have Windows line endings, it doesn't work properly.
1450         In this case, the label :clean wasn't found, breaking the clean build.
1451         
1452         Reviewed by Jessie Berlin.
1453
1454         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
1455
1456 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
1457
1458         DFG CFA incorrectly handles ValueToInt32
1459         https://bugs.webkit.org/show_bug.cgi?id=80568
1460
1461         Reviewed by Gavin Barraclough.
1462         
1463         Changed it to match exactly the decision pattern used in
1464         DFG::SpeculativeJIT::compileValueToInt32
1465
1466         * dfg/DFGAbstractState.cpp:
1467         (JSC::DFG::AbstractState::execute):
1468
1469 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
1470
1471         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
1472         https://bugs.webkit.org/show_bug.cgi?id=80524
1473
1474         Reviewed by Simon Hausmann.
1475
1476         Move IdentifierTable method definitions to WTFThreadData.cpp to fix linking
1477         of WTF library.
1478
1479         * runtime/Identifier.cpp:
1480         * wtf/WTFThreadData.cpp:
1481         (JSC):
1482         (JSC::IdentifierTable::~IdentifierTable):
1483         (JSC::IdentifierTable::add):
1484
1485 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
1486
1487         DFG instruction count threshold should be lifted to 10000
1488         https://bugs.webkit.org/show_bug.cgi?id=80579
1489
1490         Reviewed by Gavin Barraclough.
1491
1492         * runtime/Options.cpp:
1493         (JSC::Options::initializeOptions):
1494
1495 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
1496
1497         Incorrect tracking of abstract values of variables forced double
1498         https://bugs.webkit.org/show_bug.cgi?id=80566
1499         <rdar://problem/11001442>
1500
1501         Reviewed by Gavin Barraclough.
1502
1503         * dfg/DFGAbstractState.cpp:
1504         (JSC::DFG::AbstractState::mergeStateAtTail):
1505
1506 2012-03-07  Chao-ying Fu  <fu@mips.com>
1507
1508         [Qt] Fix the MIPS/SH4 build after r109834
1509         https://bugs.webkit.org/show_bug.cgi?id=80492
1510
1511         Reviewed by Oliver Hunt.
1512
1513         Implement three-argument branch(Add,Sub)32.
1514
1515         * assembler/MacroAssemblerMIPS.h:
1516         (JSC::MacroAssemblerMIPS::add32):
1517         (MacroAssemblerMIPS):
1518         (JSC::MacroAssemblerMIPS::sub32):
1519         (JSC::MacroAssemblerMIPS::branchAdd32):
1520         (JSC::MacroAssemblerMIPS::branchSub32):
1521
1522 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
1523
1524         Unreviewed, rolling out r110127.
1525         http://trac.webkit.org/changeset/110127
1526         https://bugs.webkit.org/show_bug.cgi?id=80562
1527
1528         compile failed on AppleWin (Requested by ukai on #webkit).
1529
1530         * heap/Heap.cpp:
1531         (JSC::Heap::collectAllGarbage):
1532         * heap/Heap.h:
1533         (JSC):
1534         (Heap):
1535         * runtime/Executable.cpp:
1536         (JSC::FunctionExecutable::FunctionExecutable):
1537         (JSC::FunctionExecutable::finalize):
1538         * runtime/Executable.h:
1539         (FunctionExecutable):
1540         (JSC::FunctionExecutable::create):
1541         * runtime/JSGlobalData.cpp:
1542         (WTF):
1543         (Recompiler):
1544         (WTF::Recompiler::operator()):
1545         (JSC::JSGlobalData::recompileAllJSFunctions):
1546         (JSC):
1547         * runtime/JSGlobalData.h:
1548         (JSGlobalData):
1549         * runtime/JSGlobalObject.cpp:
1550         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
1551
1552 2012-03-07  Hojong Han  <hojong.han@samsung.com>
1553
1554         The end atom of the marked block considered to filter invalid cells
1555         https://bugs.webkit.org/show_bug.cgi?id=79191
1556
1557         Reviewed by Geoffrey Garen.
1558
1559         The register file could have stale pointers beyond the end atom of a marked block.
1560         Those pointers can weasel out of the in-middle-of-cell pointer filtering.
1561
1562         * heap/MarkedBlock.h:
1563         (JSC::MarkedBlock::isLiveCell):
1564
1565 2012-03-07  Jessie Berlin  <jberlin@apple.com>
1566
1567         Clean Windows build fails after r110033
1568         https://bugs.webkit.org/show_bug.cgi?id=80553
1569
1570         Rubber-stamped by Jon Honeycutt and Eric Seidel.
1571
1572         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
1573         Place the implementation files next to their header files in the wtf/text subdirectory.
1574         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
1575         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
1576         Update the path to those implementation files.
1577         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
1578         Ditto.
1579
1580 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
1581
1582         Eliminate redundant Phis in DFG
1583         https://bugs.webkit.org/show_bug.cgi?id=80415
1584
1585         Reviewed by Filip Pizlo.
1586
1587         Although this may not have any advantage at the current stage, this is towards
1588         minimal SSA to make more high level optimizations (like bug 76770) easier.
1589         We have the choices either to build minimal SSA from scratch or to
1590         keep current simple Phi insertion mechanism and remove the redundancy
1591         in another phase. Currently we choose the latter because the change
1592         could be smaller.
1593
1594         * CMakeLists.txt:
1595         * GNUmakefile.list.am:
1596         * JavaScriptCore.xcodeproj/project.pbxproj:
1597         * Target.pri:
1598         * dfg/DFGDriver.cpp:
1599         (JSC::DFG::compile):
1600         * dfg/DFGGraph.cpp:
1601         (JSC::DFG::Graph::dump):
1602         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
1603         (DFG):
1604         (RedundantPhiEliminationPhase):
1605         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
1606         (JSC::DFG::RedundantPhiEliminationPhase::run):
1607         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
1608         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
1609         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
1610         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
1611         (JSC::DFG::performRedundantPhiElimination):
1612         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
1613         (DFG):
1614
1615 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
1616
1617         Refactor recompileAllJSFunctions() to be less expensive
1618         https://bugs.webkit.org/show_bug.cgi?id=80330
1619
1620         Reviewed by Geoffrey Garen.
1621
1622         This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
1623         load performance, which currently does at least a couple full GCs per navigation.
1624
1625         * heap/Heap.cpp:
1626         (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
1627         because the function doesn't actually recompile anything (and never did); it simply throws code
1628         away for it to be recompiled later if we determine we should do so.
1629         (JSC):
1630         (JSC::Heap::collectAllGarbage):
1631         (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
1632         (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
1633         * heap/Heap.h:
1634         (JSC):
1635         (Heap):
1636         * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
1637         be used in DoublyLinkedLists.
1638         (JSC::FunctionExecutable::FunctionExecutable):
1639         (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
1640         * runtime/Executable.h:
1641         (FunctionExecutable):
1642         (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
1643         * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
1644         the list of FunctionExecutables.
1645         * runtime/JSGlobalData.h:
1646         (JSGlobalData):
1647         * runtime/JSGlobalObject.cpp:
1648         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
1649
1650 2012-03-06  Oliver Hunt  <oliver@apple.com>
1651
1652         Further harden 64-bit JIT
1653         https://bugs.webkit.org/show_bug.cgi?id=80457
1654
1655         Reviewed by Filip Pizlo.
1656
1657         This patch implements blinding for ImmPtr.  Rather than xor based blinding
1658         we perform randomised pointer rotations in order to avoid the significant
1659         cost in executable memory that would otherwise be necessary (and to avoid
1660         the need for an additional scratch register in some cases).
1661
1662         As with the prior blinding patch there's a moderate amount of noise as we
1663         correct the use of ImmPtr vs. TrustedImmPtr.
1664
1665         * assembler/AbstractMacroAssembler.h:
1666         (ImmPtr):
1667         (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
1668         * assembler/MacroAssembler.h:
1669         (MacroAssembler):
1670         (JSC::MacroAssembler::storePtr):
1671         (JSC::MacroAssembler::branchPtr):
1672         (JSC::MacroAssembler::shouldBlind):
1673         (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
1674         (RotatedImmPtr):
1675         (JSC::MacroAssembler::rotationBlindConstant):
1676         (JSC::MacroAssembler::loadRotationBlindedConstant):
1677         (JSC::MacroAssembler::convertInt32ToDouble):
1678         (JSC::MacroAssembler::move):
1679         (JSC::MacroAssembler::poke):
1680         * assembler/MacroAssemblerARMv7.h:
1681         (JSC::MacroAssemblerARMv7::storeDouble):
1682         (JSC::MacroAssemblerARMv7::branchAdd32):
1683         * assembler/MacroAssemblerX86_64.h:
1684         (MacroAssemblerX86_64):
1685         (JSC::MacroAssemblerX86_64::rotateRightPtr):
1686         (JSC::MacroAssemblerX86_64::xorPtr):
1687         * assembler/X86Assembler.h:
1688         (X86Assembler):
1689         (JSC::X86Assembler::xorq_rm):
1690         (JSC::X86Assembler::rorq_i8r):
1691         * dfg/DFGCCallHelpers.h:
1692         (CCallHelpers):
1693         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
1694         * dfg/DFGOSRExitCompiler32_64.cpp:
1695         (JSC::DFG::OSRExitCompiler::compileExit):
1696         * dfg/DFGOSRExitCompiler64.cpp:
1697         (JSC::DFG::OSRExitCompiler::compileExit):
1698         * dfg/DFGSpeculativeJIT.cpp:
1699         (JSC::DFG::SpeculativeJIT::createOSREntries):
1700         * dfg/DFGSpeculativeJIT.h:
1701         (JSC::DFG::SpeculativeJIT::silentFillGPR):
1702         (JSC::DFG::SpeculativeJIT::callOperation):
1703         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
1704         * dfg/DFGSpeculativeJIT32_64.cpp:
1705         (JSC::DFG::SpeculativeJIT::compile):
1706         * dfg/DFGSpeculativeJIT64.cpp:
1707         (JSC::DFG::SpeculativeJIT::fillInteger):
1708         (JSC::DFG::SpeculativeJIT::fillDouble):
1709         (JSC::DFG::SpeculativeJIT::fillJSValue):
1710         (JSC::DFG::SpeculativeJIT::emitCall):
1711         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1712         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1713         (JSC::DFG::SpeculativeJIT::emitBranch):
1714         * jit/JIT.cpp:
1715         (JSC::JIT::emitOptimizationCheck):
1716         * jit/JITArithmetic32_64.cpp:
1717         (JSC::JIT::emitSlow_op_post_inc):
1718         * jit/JITInlineMethods.h:
1719         (JSC::JIT::emitValueProfilingSite):
1720         (JSC::JIT::emitGetVirtualRegister):
1721         * jit/JITOpcodes.cpp:
1722         (JSC::JIT::emit_op_mov):
1723         (JSC::JIT::emit_op_new_object):
1724         (JSC::JIT::emit_op_strcat):
1725         (JSC::JIT::emit_op_ensure_property_exists):
1726         (JSC::JIT::emit_op_resolve_skip):
1727         (JSC::JIT::emitSlow_op_resolve_global):
1728         (JSC::JIT::emit_op_resolve_with_base):
1729         (JSC::JIT::emit_op_resolve_with_this):
1730         (JSC::JIT::emit_op_jmp_scopes):
1731         (JSC::JIT::emit_op_switch_imm):
1732         (JSC::JIT::emit_op_switch_char):
1733         (JSC::JIT::emit_op_switch_string):
1734         (JSC::JIT::emit_op_throw_reference_error):
1735         (JSC::JIT::emit_op_debug):
1736         (JSC::JIT::emitSlow_op_resolve_global_dynamic):
1737         (JSC::JIT::emit_op_new_array):
1738         (JSC::JIT::emitSlow_op_new_array):
1739         (JSC::JIT::emit_op_new_array_buffer):
1740         * jit/JITOpcodes32_64.cpp:
1741         (JSC::JIT::emit_op_new_object):
1742         (JSC::JIT::emit_op_strcat):
1743         (JSC::JIT::emit_op_ensure_property_exists):
1744         (JSC::JIT::emit_op_resolve_skip):
1745         (JSC::JIT::emitSlow_op_resolve_global):
1746         (JSC::JIT::emit_op_resolve_with_base):
1747         (JSC::JIT::emit_op_resolve_with_this):
1748         (JSC::JIT::emit_op_jmp_scopes):
1749         (JSC::JIT::emit_op_switch_imm):
1750         (JSC::JIT::emit_op_switch_char):
1751         (JSC::JIT::emit_op_switch_string):
1752         * jit/JITPropertyAccess32_64.cpp:
1753         (JSC::JIT::emit_op_put_by_index):
1754         * jit/JITStubCall.h:
1755         (JITStubCall):
1756         (JSC::JITStubCall::addArgument):
1757
1758 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
1759
1760         ARM build fix.
1761
1762         Reviewed by Zoltan Herczeg.
1763
1764         Implement three-argument branch(Add,Sub)32.
1765
1766         * assembler/MacroAssemblerARM.h:
1767         (JSC::MacroAssemblerARM::add32):
1768         (MacroAssemblerARM):
1769         (JSC::MacroAssemblerARM::sub32):
1770         (JSC::MacroAssemblerARM::branchAdd32):
1771         (JSC::MacroAssemblerARM::branchSub32):
1772
1773 2012-03-07  Andy Wingo  <wingo@igalia.com>
1774
1775         Parser: Inline ScopeNodeData into ScopeNode
1776         https://bugs.webkit.org/show_bug.cgi?id=79776
1777
1778         Reviewed by Geoffrey Garen.
1779
1780         It used to be that some ScopeNode members were kept in a separate
1781         structure because sometimes they wouldn't be needed, and
1782         allocating a ParserArena was expensive.  This patch makes
1783         ParserArena lazily allocate its IdentifierArena, allowing the
1784         members to be included directly, which is simpler and easier to
1785         reason about.
1786
1787         * parser/ParserArena.cpp:
1788         (JSC::ParserArena::ParserArena):
1789         (JSC::ParserArena::reset):
1790         (JSC::ParserArena::isEmpty):
1791         * parser/ParserArena.h:
1792         (JSC::ParserArena::identifierArena): Lazily allocate the
1793         IdentifierArena.
1794
1795         * parser/Nodes.cpp:
1796         (JSC::ScopeNode::ScopeNode):
1797         (JSC::ScopeNode::singleStatement):
1798         (JSC::ProgramNode::create):
1799         (JSC::EvalNode::create):
1800         (JSC::FunctionBodyNode::create):
1801         * parser/Nodes.h:
1802         (JSC::ScopeNode::destroyData):
1803         (JSC::ScopeNode::needsActivationForMoreThanVariables):
1804         (JSC::ScopeNode::needsActivation):
1805         (JSC::ScopeNode::hasCapturedVariables):
1806         (JSC::ScopeNode::capturedVariableCount):
1807         (JSC::ScopeNode::captures):
1808         (JSC::ScopeNode::varStack):
1809         (JSC::ScopeNode::functionStack):
1810         (JSC::ScopeNode::neededConstants):
1811         (ScopeNode):
1812         * bytecompiler/NodesCodegen.cpp:
1813         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
1814         into ScopeNode.  Adapt accessors.
1815
1816 2012-03-06  Eric Seidel  <eric@webkit.org>
1817
1818         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
1819         https://bugs.webkit.org/show_bug.cgi?id=80363
1820
1821         Reviewed by Mark Rowe.
1822
1823         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
1824         its headers have appeared as part of the "private" headers exported by
1825         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
1826         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
1827         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
1828
1829         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
1830         own directory and project.  As part of such, the WTF headers will no longer be part of
1831         the JavaScriptCore private interfaces.
1832         In preparation for that, this change makes both the Mac and Win builds export
1833         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
1834         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
1835
1836         There are 5 parts to this change.
1837         1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
1838             (and header directories) into the appropriate places in the build directory.
1839         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
1840             (WebCore, WebKit, etc. had already been taught to look in previous patches).
1841         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
1842             using fully qualified paths.
1843         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
1844         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
1845
1846         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
1847         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
1848         headers; those will have to be updated to use <wtf/Foo.h> after this change.
1849         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
1850         are ready for (and interested in) this change happening.
1851
1852         * API/tests/JSNode.c:
1853         * API/tests/JSNodeList.c:
1854         * Configurations/Base.xcconfig:
1855         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
1856         * JavaScriptCore.xcodeproj/project.pbxproj:
1857         * assembler/MacroAssemblerCodeRef.h:
1858         * bytecompiler/BytecodeGenerator.h:
1859         * dfg/DFGOperations.cpp:
1860         * heap/GCAssertions.h:
1861         * heap/HandleHeap.h:
1862         * heap/HandleStack.h:
1863         * heap/MarkedSpace.h:
1864         * heap/PassWeak.h:
1865         * heap/Strong.h:
1866         * heap/Weak.h:
1867         * jit/HostCallReturnValue.cpp:
1868         * jit/JIT.cpp:
1869         * jit/JITStubs.cpp:
1870         * jit/ThunkGenerators.cpp:
1871         * parser/Lexer.cpp:
1872         * runtime/Completion.cpp:
1873         * runtime/Executable.cpp:
1874         * runtime/Identifier.h:
1875         * runtime/InitializeThreading.cpp:
1876         * runtime/JSDateMath.cpp:
1877         * runtime/JSGlobalObjectFunctions.cpp:
1878         * runtime/JSStringBuilder.h:
1879         * runtime/JSVariableObject.h:
1880         * runtime/NumberPrototype.cpp:
1881         * runtime/WriteBarrier.h:
1882         * tools/CodeProfile.cpp:
1883         * tools/TieredMMapArray.h:
1884         * wtf/AVLTree.h:
1885         * wtf/Alignment.h:
1886         * wtf/AlwaysInline.h:
1887         * wtf/ArrayBufferView.h:
1888         * wtf/Assertions.h:
1889         * wtf/Atomics.h:
1890         * wtf/Bitmap.h:
1891         * wtf/BoundsCheckedPointer.h:
1892         * wtf/CheckedArithmetic.h:
1893         * wtf/Deque.h:
1894         * wtf/ExportMacros.h:
1895         * wtf/FastAllocBase.h:
1896         * wtf/FastMalloc.h:
1897         * wtf/Float32Array.h:
1898         * wtf/Float64Array.h:
1899         * wtf/Functional.h:
1900         * wtf/HashCountedSet.h:
1901         * wtf/HashFunctions.h:
1902         * wtf/HashMap.h:
1903         * wtf/HashSet.h:
1904         * wtf/HashTable.h:
1905         * wtf/HashTraits.h:
1906         * wtf/Int16Array.h:
1907         * wtf/Int32Array.h:
1908         * wtf/Int8Array.h:
1909         * wtf/IntegralTypedArrayBase.h:
1910         * wtf/ListHashSet.h:
1911         * wtf/MainThread.h:
1912         * wtf/MetaAllocator.h:
1913         * wtf/Noncopyable.h:
1914         * wtf/OwnArrayPtr.h:
1915         * wtf/OwnPtr.h:
1916         * wtf/PackedIntVector.h:
1917         * wtf/ParallelJobs.h:
1918         * wtf/PassOwnArrayPtr.h:
1919         * wtf/PassOwnPtr.h:
1920         * wtf/PassRefPtr.h:
1921         * wtf/PassTraits.h:
1922         * wtf/Platform.h:
1923         * wtf/PossiblyNull.h:
1924         * wtf/RefCounted.h:
1925         * wtf/RefCountedLeakCounter.h:
1926         * wtf/RefPtr.h:
1927         * wtf/RetainPtr.h:
1928         * wtf/SimpleStats.h:
1929         * wtf/Spectrum.h:
1930         * wtf/StdLibExtras.h:
1931         * wtf/TCPageMap.h:
1932         * wtf/TemporaryChange.h:
1933         * wtf/ThreadSafeRefCounted.h:
1934         * wtf/Threading.h:
1935         * wtf/ThreadingPrimitives.h:
1936         * wtf/TypeTraits.h:
1937         * wtf/TypedArrayBase.h:
1938         * wtf/Uint16Array.h:
1939         * wtf/Uint32Array.h:
1940         * wtf/Uint8Array.h:
1941         * wtf/Uint8ClampedArray.h:
1942         * wtf/UnusedParam.h:
1943         * wtf/Vector.h:
1944         * wtf/VectorTraits.h:
1945         * wtf/dtoa/double-conversion.h:
1946         * wtf/dtoa/utils.h:
1947         * wtf/gobject/GRefPtr.h:
1948         * wtf/gobject/GlibUtilities.h:
1949         * wtf/text/AtomicString.h:
1950         * wtf/text/AtomicStringImpl.h:
1951         * wtf/text/CString.h:
1952         * wtf/text/StringConcatenate.h:
1953         * wtf/text/StringHash.h:
1954         * wtf/text/WTFString.h:
1955         * wtf/unicode/CharacterNames.h:
1956         * wtf/unicode/UTF8.h:
1957         * wtf/unicode/glib/UnicodeGLib.h:
1958         * wtf/unicode/qt4/UnicodeQt4.h:
1959         * wtf/unicode/wince/UnicodeWinCE.h:
1960         * wtf/url/api/ParsedURL.h:
1961         * wtf/url/api/URLString.h:
1962         * wtf/wince/FastMallocWinCE.h:
1963         * yarr/YarrJIT.cpp:
1964
1965 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
1966
1967         Array.prototype functions should throw if delete fails
1968         https://bugs.webkit.org/show_bug.cgi?id=80467
1969
1970         Reviewed by Oliver Hunt.
1971
1972         All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
1973         In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
1974         in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
1975         one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
1976         routines, for handling arrays with holes. These three copies should be unified.
1977
1978         * runtime/ArrayPrototype.cpp:
1979         (JSC::shift):
1980         (JSC::unshift):
1981             - Added - shared copies of the shift/unshift functionality.
1982         (JSC::arrayProtoFuncPop):
1983             - should throw if the delete fails.
1984         (JSC::arrayProtoFuncReverse):
1985             - should throw if the delete fails.
1986         (JSC::arrayProtoFuncShift):
1987         (JSC::arrayProtoFuncSplice):
1988         (JSC::arrayProtoFuncUnShift):
1989             - use shift/unshift.
1990         * runtime/JSArray.cpp:
1991         (JSC::JSArray::shiftCount):
1992         (JSC::JSArray::unshiftCount):
1993             - Don't try to handle arrays with holes; return a value indicating
1994               the generic routine should be used instead.
1995         * runtime/JSArray.h:
1996             - declaration for shiftCount/unshiftCount changed.
1997         * tests/mozilla/js1_6/Array/regress-304828.js:
1998             - this was asserting incorrect behaviour.
1999
2000 2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
2001
2002         [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
2003         https://bugs.webkit.org/show_bug.cgi?id=80469
2004
2005         Reviewed by Antonio Gomes.
2006
2007         * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
2008         property on the library being created.
2009
2010 2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
2011
2012         DFG BasicBlock should group the Phi nodes together and separate them
2013         from the other nodes
2014         https://bugs.webkit.org/show_bug.cgi?id=80361
2015
2016         Reviewed by Filip Pizlo.
2017
2018         This would make it more efficient to remove the redundant Phi nodes or
2019         insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
2020         This is performance neutral on SunSpider, V8 and Kraken.
2021
2022         * dfg/DFGAbstractState.cpp:
2023         (JSC::DFG::AbstractState::clobberStructures):
2024         (JSC::DFG::AbstractState::dump):
2025         * dfg/DFGBasicBlock.h:
2026         (JSC::DFG::BasicBlock::BasicBlock):
2027         (BasicBlock):
2028         * dfg/DFGByteCodeParser.cpp:
2029         (JSC::DFG::ByteCodeParser::addToGraph):
2030         (JSC::DFG::ByteCodeParser::insertPhiNode):
2031         * dfg/DFGCFAPhase.cpp:
2032         (JSC::DFG::CFAPhase::performBlockCFA):
2033         * dfg/DFGCSEPhase.cpp:
2034         (JSC::DFG::CSEPhase::pureCSE):
2035         (JSC::DFG::CSEPhase::impureCSE):
2036         (JSC::DFG::CSEPhase::globalVarLoadElimination):
2037         (JSC::DFG::CSEPhase::getByValLoadElimination):
2038         (JSC::DFG::CSEPhase::checkFunctionElimination):
2039         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
2040         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2041         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2042         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2043         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
2044         (JSC::DFG::CSEPhase::performBlockCSE):
2045         * dfg/DFGGraph.cpp:
2046         (JSC::DFG::Graph::dump):
2047         * dfg/DFGSpeculativeJIT.cpp:
2048         (JSC::DFG::SpeculativeJIT::compile):
2049
2050 2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
2051
2052         GCActivityCallback timer should vary with the length of the previous GC
2053         https://bugs.webkit.org/show_bug.cgi?id=80344
2054
2055         Reviewed by Geoffrey Garen.
2056
2057         * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last 
2058         GC length so that the GC Activity Callback can use it.
2059         (JSC::Heap::Heap):
2060         (JSC::Heap::collect):
2061         * heap/Heap.h:
2062         (JSC::Heap::lastGCLength):
2063         (Heap):
2064         * runtime/GCActivityCallbackCF.cpp:
2065         (JSC):
2066         (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last 
2067         GC to determine the length of our timer trigger (currently set at 100x the duration 
2068         of the last GC).
2069
2070 2012-03-06  Rob Buis  <rbuis@rim.com>
2071
2072         [BlackBerry] Fix cast-align gcc warnings when compiling JSC
2073         https://bugs.webkit.org/show_bug.cgi?id=80420
2074
2075         Reviewed by Gavin Barraclough.
2076
2077         Fix warnings given in the BlackBerry build.
2078
2079         * heap/CopiedBlock.h:
2080         (JSC::CopiedBlock::CopiedBlock):
2081         * wtf/RefCountedArray.h:
2082         (WTF::RefCountedArray::Header::fromPayload):
2083
2084 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
2085
2086         writable/configurable not respected for some properties of Function/String/Arguments
2087         https://bugs.webkit.org/show_bug.cgi?id=80436
2088
2089         Reviewed by Oliver Hunt.
2090
2091         Special properties should behave like regular properties.
2092
2093         * runtime/Arguments.cpp:
2094         (JSC::Arguments::defineOwnProperty):
2095             - Mis-nested logic for making read-only properties non-live.
2096         * runtime/JSFunction.cpp:
2097         (JSC::JSFunction::put):
2098             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
2099         (JSC::JSFunction::deleteProperty):
2100             - Attempting to delete prototype/caller should fail.
2101         (JSC::JSFunction::defineOwnProperty):
2102             - Ensure prototype is reified on attempt to reify it.
2103             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
2104         * runtime/JSFunction.h:
2105             - added declaration for defineOwnProperty.
2106         (JSFunction):
2107         * runtime/StringObject.cpp:
2108         (JSC::StringObject::put):
2109             - length is non-writable, non-configurable - reject appropriately.
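
        The entry above (special properties of Function/String respecting writable/configurable) and the earlier "Array.prototype functions should throw if delete fails" entry both describe behaviour that is observable from script. The following is an added example, not WebKit code or one of its tests; it assumes a current engine such as Node.js and, because ES2015 later made a function's `length` configurable, checks that property only for writability.

```javascript
// Added example (not WebKit code): script-level checks for the ES5 semantics the
// two ChangeLog entries describe.  Every check returns true when the engine
// follows the spec, so the results can be asserted on rather than printed.

// Returns true only if fn() throws a TypeError.
function throwsTypeError(fn) {
  try {
    fn();
  } catch (e) {
    return e instanceof TypeError;
  }
  return false;
}

// Strict-mode helpers: in strict code a rejected [[Put]] or [[Delete]] is a
// TypeError, whereas sloppy code swallows the failure silently.
function strictPut(obj, key, value) {
  'use strict';
  obj[key] = value;
}
function strictDelete(obj, key) {
  'use strict';
  delete obj[key];
}

// --- Array.prototype functions must throw when their internal delete fails ---

// pop() deletes the last index with Throw = true; a non-configurable last
// element makes that delete fail, and length must not have been touched yet.
function popThrowsOnNonConfigurableLast() {
  const a = [1, 2, 3];
  Object.defineProperty(a, 2, { configurable: false });
  return throwsTypeError(() => a.pop()) && a.length === 3;
}

// shift() copies elements down and then deletes the old last index.
function shiftThrowsOnNonConfigurableLast() {
  const a = [1, 2, 3];
  Object.defineProperty(a, 2, { configurable: false });
  return throwsTypeError(() => a.shift());
}

// reverse() only deletes when one side of a swap is a hole; here index 2 is a
// hole and index 0 is non-configurable, so the delete of index 0 fails.
function reverseThrowsWhenDeleteFails() {
  const a = [1, 2];
  a.length = 3;
  Object.defineProperty(a, 0, { configurable: false });
  return throwsTypeError(() => a.reverse());
}

// unshift()'s internal put must throw as well: index 1 is non-writable, and
// unshift(0) has to write the old element 0 into it.
function unshiftThrowsOnNonWritable() {
  const a = [1, 2];
  Object.defineProperty(a, 1, { writable: false });
  return throwsTypeError(() => a.unshift(0));
}

// --- writable/configurable must be respected for Function and String ---

// Function length is non-writable: a strict-mode assignment is rejected.
function functionLengthIsReadOnly() {
  function f(a, b) {}
  return throwsTypeError(() => strictPut(f, 'length', 5)) && f.length === 2;
}

// Function prototype is non-configurable: deleting it must fail.
function functionPrototypeCannotBeDeleted() {
  function f() {}
  return throwsTypeError(() => strictDelete(f, 'prototype'))
      && typeof f.prototype === 'object';
}

// String wrapper length is non-writable and non-configurable.
function stringObjectLengthIsReadOnly() {
  const s = new String('abc');
  return throwsTypeError(() => strictPut(s, 'length', 10))
      && throwsTypeError(() => strictDelete(s, 'length'))
      && s.length === 3;
}

// Sloppy code (built with the Function constructor so it stays sloppy even if
// this file is itself strict) just ignores the rejected put; only the
// unchanged value reveals that the write was refused.
function sloppyPutIsSilentlyIgnored() {
  function f(a) {}
  const sloppyAssign = new Function('obj', 'obj.length = 5;');
  sloppyAssign(f);
  return f.length === 1;
}
```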
2110
2111 2012-03-06  Ulan Degenbaev  <ulan@chromium.org>
2112
2113         TypedArray subarray call for subarray does not clamp the end index parameter properly
2114         https://bugs.webkit.org/show_bug.cgi?id=80285
2115
2116         Reviewed by Kenneth Russell.
2117
2118         * wtf/ArrayBufferView.h:
2119         (WTF::ArrayBufferView::calculateOffsetAndLength):
2120
2121 2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
2122
2123         Unreviewed, rolling out r109837.
2124         http://trac.webkit.org/changeset/109837
2125         https://bugs.webkit.org/show_bug.cgi?id=80399
2126
2127         breaks Mac Productions builds, too late to try and fix it
2128         tonight (Requested by eseidel on #webkit).
2129
2130         * API/tests/JSNode.c:
2131         * API/tests/JSNodeList.c:
2132         * Configurations/Base.xcconfig:
2133         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2134         * JavaScriptCore.xcodeproj/project.pbxproj:
2135         * assembler/MacroAssemblerCodeRef.h:
2136         * bytecompiler/BytecodeGenerator.h:
2137         * dfg/DFGOperations.cpp:
2138         * heap/GCAssertions.h:
2139         * heap/HandleHeap.h:
2140         * heap/HandleStack.h:
2141         * heap/MarkedSpace.h:
2142         * heap/PassWeak.h:
2143         * heap/Strong.h:
2144         * heap/Weak.h:
2145         * jit/HostCallReturnValue.cpp:
2146         * jit/JIT.cpp:
2147         * jit/JITStubs.cpp:
2148         * jit/ThunkGenerators.cpp:
2149         * parser/Lexer.cpp:
2150         * runtime/Completion.cpp:
2151         * runtime/Executable.cpp:
2152         * runtime/Identifier.h:
2153         * runtime/InitializeThreading.cpp:
2154         * runtime/JSDateMath.cpp:
2155         * runtime/JSGlobalObjectFunctions.cpp:
2156         * runtime/JSStringBuilder.h:
2157         * runtime/JSVariableObject.h:
2158         * runtime/NumberPrototype.cpp:
2159         * runtime/WriteBarrier.h:
2160         * tools/CodeProfile.cpp:
2161         * tools/TieredMMapArray.h:
2162         * yarr/YarrJIT.cpp:
2163
2164 2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
2165
2166         [Qt][ARM] Speculative buildfix after r109834.
2167
2168         Reviewed by Csaba Osztrogonác.
2169
2170         * assembler/MacroAssemblerARM.h:
2171         (JSC::MacroAssemblerARM::and32):
2172         (MacroAssemblerARM):
2173
2174 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
2175
2176         Unreviewed Windows build fix pt 2.
2177
2178         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2179
2180 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
2181
2182         Unreviewed Windows build fix pt 1.
2183
2184         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2185
2186 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
2187
2188         putByIndex should throw in strict mode
2189         https://bugs.webkit.org/show_bug.cgi?id=80335
2190
2191         Reviewed by Filip Pizlo.
2192
2193         Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
2194
2195         This is a largely mechanical change, simply adding an extra parameter to a number
2196         of functions. Some call sites need to perform additional exception checks, and
2197         operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
2198
2199         This patch doesn't fix a missing throw from some cases of shift/unshift (this is
2200         an existing bug), I'll follow up with a third patch to handle that.
2201
2202         * API/JSObjectRef.cpp:
2203         (JSObjectSetPropertyAtIndex):
2204         * JSCTypedArrayStubs.h:
2205         (JSC):
2206         * dfg/DFGOperations.cpp:
2207         (JSC::DFG::putByVal):
2208         * dfg/DFGOperations.h:
2209         * dfg/DFGSpeculativeJIT32_64.cpp:
2210         (JSC::DFG::SpeculativeJIT::compile):
2211         * dfg/DFGSpeculativeJIT64.cpp:
2212         (JSC::DFG::SpeculativeJIT::compile):
2213         * interpreter/Interpreter.cpp:
2214         (JSC::Interpreter::privateExecute):
2215         * jit/JITStubs.cpp:
2216         (JSC::DEFINE_STUB_FUNCTION):
2217         * jsc.cpp:
2218         (GlobalObject::finishCreation):
2219         * llint/LLIntSlowPaths.cpp:
2220         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2221         * runtime/Arguments.cpp:
2222         (JSC::Arguments::putByIndex):
2223         * runtime/Arguments.h:
2224         (Arguments):
2225         * runtime/ArrayPrototype.cpp:
2226         (JSC::arrayProtoFuncPush):
2227         (JSC::arrayProtoFuncReverse):
2228         (JSC::arrayProtoFuncShift):
2229         (JSC::arrayProtoFuncSort):
2230         (JSC::arrayProtoFuncSplice):
2231         (JSC::arrayProtoFuncUnShift):
2232         * runtime/ClassInfo.h:
2233         (MethodTable):
2234         * runtime/JSArray.cpp:
2235         (JSC::SparseArrayValueMap::put):
2236         (JSC::JSArray::put):
2237         (JSC::JSArray::putByIndex):
2238         (JSC::JSArray::putByIndexBeyondVectorLength):
2239         (JSC::JSArray::push):
2240         (JSC::JSArray::shiftCount):
2241         (JSC::JSArray::unshiftCount):
2242         * runtime/JSArray.h:
2243         (SparseArrayValueMap):
2244         (JSArray):
2245         * runtime/JSByteArray.cpp:
2246         (JSC::JSByteArray::putByIndex):
2247         * runtime/JSByteArray.h:
2248         (JSByteArray):
2249         * runtime/JSCell.cpp:
2250         (JSC::JSCell::putByIndex):
2251         * runtime/JSCell.h:
2252         (JSCell):
2253         * runtime/JSNotAnObject.cpp:
2254         (JSC::JSNotAnObject::putByIndex):
2255         * runtime/JSNotAnObject.h:
2256         (JSNotAnObject):
2257         * runtime/JSONObject.cpp:
2258         (JSC::Walker::walk):
2259         * runtime/JSObject.cpp:
2260         (JSC::JSObject::putByIndex):
2261         * runtime/JSObject.h:
2262         (JSC::JSValue::putByIndex):
2263         * runtime/RegExpConstructor.cpp:
2264         (JSC::RegExpMatchesArray::fillArrayInstance):
2265         * runtime/RegExpMatchesArray.h:
2266         (JSC::RegExpMatchesArray::putByIndex):
2267         * runtime/StringPrototype.cpp:
2268         (JSC::stringProtoFuncSplit):
2269
2270 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
2271
2272         PredictNone is incorrectly treated as isDoublePrediction
2273         https://bugs.webkit.org/show_bug.cgi?id=80365
2274
2275         Reviewed by Filip Pizlo.
2276
2277         Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
2278
2279         * bytecode/PredictedType.h:
2280         (JSC::isFixedIndexedStorageObjectPrediction):
2281         (JSC::isDoublePrediction):
2282
2283 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
2284
2285         The LLInt should work even when the JIT is disabled
2286         https://bugs.webkit.org/show_bug.cgi?id=80340
2287         <rdar://problem/10922235>
2288
2289         Reviewed by Gavin Barraclough.
2290
2291         * assembler/MacroAssemblerCodeRef.h:
2292         (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
2293         (MacroAssemblerCodeRef):
2294         (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
2295         * interpreter/Interpreter.cpp:
2296         (JSC::Interpreter::initialize):
2297         (JSC::Interpreter::execute):
2298         (JSC::Interpreter::executeCall):
2299         (JSC::Interpreter::executeConstruct):
2300         * jit/JIT.h:
2301         (JSC::JIT::compileCTINativeCall):
2302         * jit/JITStubs.h:
2303         (JSC::JITThunks::ctiNativeCall):
2304         (JSC::JITThunks::ctiNativeConstruct):
2305         * llint/LLIntEntrypoints.cpp:
2306         (JSC::LLInt::getFunctionEntrypoint):
2307         (JSC::LLInt::getEvalEntrypoint):
2308         (JSC::LLInt::getProgramEntrypoint):
2309         * llint/LLIntSlowPaths.cpp:
2310         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2311         (LLInt):
2312         * llint/LLIntSlowPaths.h:
2313         (LLInt):
2314         * llint/LowLevelInterpreter.h:
2315         * llint/LowLevelInterpreter32_64.asm:
2316         * runtime/Executable.h:
2317         (NativeExecutable):
2318         (JSC::NativeExecutable::create):
2319         (JSC::NativeExecutable::finishCreation):
2320         * runtime/JSGlobalData.cpp:
2321         (JSC::JSGlobalData::JSGlobalData):
2322         * runtime/JSGlobalData.h:
2323         (JSGlobalData):
2324         * runtime/Options.cpp:
2325         (Options):
2326         (JSC::Options::parse):
2327         (JSC::Options::initializeOptions):
2328         * runtime/Options.h:
2329         (Options):
2330         * wtf/Platform.h:
2331
2332 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
2333
2334         Checks for dead variables are not sufficient when fixing the expected
2335         values in DFG OSR entry
2336         https://bugs.webkit.org/show_bug.cgi?id=80371
2337
2338         Reviewed by Filip Pizlo.
2339
2340         A dead variable should be identified when there's no node referencing it.
2341         But we currently fail to catch the case where there are some nodes
2342         referencing a variable but those nodes are actually not referenced by
2343         others so will be ignored in code generation. In such a case we should
2344         also consider that variable to be a dead variable in the block and fix
2345         the expected values.
2346         This is performance neutral on SunSpider, V8 and Kraken.
2347
2348         * dfg/DFGJITCompiler.h:
2349         (JSC::DFG::JITCompiler::noticeOSREntry):
2350
2351 2012-03-05  Oliver Hunt  <oliver@apple.com>
2352
2353         Fix Qt build.
2354
2355         * assembler/AbstractMacroAssembler.h:
2356         * assembler/MacroAssembler.h:
2357         (MacroAssembler):
2358         * dfg/DFGSpeculativeJIT.cpp:
2359         (JSC::DFG::SpeculativeJIT::compileArithSub):
2360         * jit/JITArithmetic32_64.cpp:
2361         (JSC::JIT::emitSub32Constant):
2362
2363 2012-03-05  Eric Seidel  <eric@webkit.org>
2364
2365         Update JavaScriptCore files to use fully-qualified WTF include paths
2366         https://bugs.webkit.org/show_bug.cgi?id=79960
2367
2368         Reviewed by Adam Barth.
2369
2370         This change does 5 small/related things:
2371          1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
2372             (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
2373             was not installing headers there.)
2374          2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
2375             header search path, as that's where the WTF headers will be installed.
2376          3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
2377             in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
2378          4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
2379             since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
2380          5. Makes build-webkit build the WTF XCode project by default.
2381
2382         * API/tests/JSNode.c:
2383         * API/tests/JSNodeList.c:
2384         * Configurations/Base.xcconfig:
2385         * assembler/MacroAssemblerCodeRef.h:
2386         * bytecompiler/BytecodeGenerator.h:
2387         * dfg/DFGOperations.cpp:
2388         * heap/GCAssertions.h:
2389         * heap/HandleHeap.h:
2390         * heap/HandleStack.h:
2391         * heap/MarkedSpace.h:
2392         * heap/PassWeak.h:
2393         * heap/Strong.h:
2394         * heap/Weak.h:
2395         * jit/HostCallReturnValue.cpp:
2396         * jit/JIT.cpp:
2397         * jit/JITStubs.cpp:
2398         * jit/ThunkGenerators.cpp:
2399         * parser/Lexer.cpp:
2400         * runtime/Completion.cpp:
2401         * runtime/Executable.cpp:
2402         * runtime/Identifier.h:
2403         * runtime/InitializeThreading.cpp:
2404         * runtime/JSDateMath.cpp:
2405         * runtime/JSGlobalObjectFunctions.cpp:
2406         * runtime/JSStringBuilder.h:
2407         * runtime/JSVariableObject.h:
2408         * runtime/NumberPrototype.cpp:
2409         * runtime/WriteBarrier.h:
2410         * tools/CodeProfile.cpp:
2411         * tools/TieredMMapArray.h:
2412         * yarr/YarrJIT.cpp:
2413
2414 2012-03-05  Oliver Hunt  <oliver@apple.com>
2415
2416         Add basic support for constant blinding to the JIT
2417         https://bugs.webkit.org/show_bug.cgi?id=80354
2418
2419         Reviewed by Filip Pizlo.
2420
2421         This patch adds basic constant blinding support to the JIT, at the
2422         MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
2423         get constant blinding.  Woo!
2424
2425         This patch only introduces blinding for Imm32, a later patch will do similar
2426         for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
2427         impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
2428         accessor that's needed to access the actual value.  This also means you cannot
2429         accidentally pass an untrusted value to a function that does not perform
2430         blinding.
2431
2432         To make everything work sensibly, this patch also corrects some code that was using
2433         Imm32 when TrustedImm32 could be used, and refactors a few callers that use
2434         untrusted immediates, so that they call slightly different variants of the functions
2435         that they used previously.  This is largely necessary to deal with x86-32 not having
2436         sufficient registers to handle the additional work required when we choose to blind
2437         a constant.
2438
2439         * assembler/AbstractMacroAssembler.h:
2440         (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
2441         (Imm32):
2442         (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
2443         (JSC::AbstractMacroAssembler::endUninterruptedSequence):
2444         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
2445         (AbstractMacroAssembler):
2446         (JSC::AbstractMacroAssembler::inUninterruptedSequence):
2447         (JSC::AbstractMacroAssembler::random):
2448         (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
2449         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
2450         * assembler/MacroAssembler.h:
2451         (JSC::MacroAssembler::addressForPoke):
2452         (MacroAssembler):
2453         (JSC::MacroAssembler::poke):
2454         (JSC::MacroAssembler::branchPtr):
2455         (JSC::MacroAssembler::branch32):
2456         (JSC::MacroAssembler::convertInt32ToDouble):
2457         (JSC::MacroAssembler::shouldBlind):
2458         (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
2459         (BlindedImm32):
2460         (JSC::MacroAssembler::keyForConstant):
2461         (JSC::MacroAssembler::xorBlindConstant):
2462         (JSC::MacroAssembler::additionBlindedConstant):
2463         (JSC::MacroAssembler::andBlindedConstant):
2464         (JSC::MacroAssembler::orBlindedConstant):
2465         (JSC::MacroAssembler::loadXorBlindedConstant):
2466         (JSC::MacroAssembler::add32):
2467         (JSC::MacroAssembler::addPtr):
2468         (JSC::MacroAssembler::and32):
2469         (JSC::MacroAssembler::andPtr):
2470         (JSC::MacroAssembler::move):
2471         (JSC::MacroAssembler::or32):
2472         (JSC::MacroAssembler::store32):
2473         (JSC::MacroAssembler::sub32):
2474         (JSC::MacroAssembler::subPtr):
2475         (JSC::MacroAssembler::xor32):
2476         (JSC::MacroAssembler::branchAdd32):
2477         (JSC::MacroAssembler::branchMul32):
2478         (JSC::MacroAssembler::branchSub32):
2479         (JSC::MacroAssembler::trustedImm32ForShift):
2480         (JSC::MacroAssembler::lshift32):
2481         (JSC::MacroAssembler::rshift32):
2482         (JSC::MacroAssembler::urshift32):
2483         * assembler/MacroAssemblerARMv7.h:
2484         (MacroAssemblerARMv7):
2485         (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
2486         (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
2487         * assembler/MacroAssemblerX86_64.h:
2488         (JSC::MacroAssemblerX86_64::branchSubPtr):
2489         (MacroAssemblerX86_64):
2490         (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
2491         * dfg/DFGJITCompiler.cpp:
2492         (JSC::DFG::JITCompiler::linkOSRExits):
2493         (JSC::DFG::JITCompiler::compileBody):
2494         (JSC::DFG::JITCompiler::compileFunction):
2495         * dfg/DFGOSRExitCompiler32_64.cpp:
2496         (JSC::DFG::OSRExitCompiler::compileExit):
2497         * dfg/DFGOSRExitCompiler64.cpp:
2498         (JSC::DFG::OSRExitCompiler::compileExit):
2499         * dfg/DFGSpeculativeJIT.cpp:
2500         (JSC::DFG::SpeculativeJIT::compile):
2501         (JSC::DFG::SpeculativeJIT::compileArithSub):
2502         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
2503         * dfg/DFGSpeculativeJIT.h:
2504         (JSC::DFG::SpeculativeJIT::callOperation):
2505         * dfg/DFGSpeculativeJIT32_64.cpp:
2506         (JSC::DFG::SpeculativeJIT::emitCall):
2507         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2508         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
2509         (JSC::DFG::SpeculativeJIT::compile):
2510         * dfg/DFGSpeculativeJIT64.cpp:
2511         (JSC::DFG::SpeculativeJIT::emitCall):
2512         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
2513         (JSC::DFG::SpeculativeJIT::compile):
2514         * jit/JIT.cpp:
2515         (JSC::JIT::privateCompileSlowCases):
2516         (JSC::JIT::privateCompile):
2517         * jit/JITArithmetic.cpp:
2518         (JSC::JIT::compileBinaryArithOp):
2519         (JSC::JIT::emit_op_add):
2520         (JSC::JIT::emit_op_mul):
2521         (JSC::JIT::emit_op_div):
2522         * jit/JITArithmetic32_64.cpp:
2523         (JSC::JIT::emitAdd32Constant):
2524         (JSC::JIT::emitSub32Constant):
2525         (JSC::JIT::emitBinaryDoubleOp):
2526         (JSC::JIT::emitSlow_op_mul):
2527         (JSC::JIT::emit_op_div):
2528         * jit/JITCall.cpp:
2529         (JSC::JIT::compileLoadVarargs):
2530         * jit/JITCall32_64.cpp:
2531         (JSC::JIT::compileLoadVarargs):
2532         * jit/JITInlineMethods.h:
2533         (JSC::JIT::updateTopCallFrame):
2534         (JSC::JIT::emitValueProfilingSite):
2535         * jit/JITOpcodes32_64.cpp:
2536         (JSC::JIT::emitSlow_op_jfalse):
2537         (JSC::JIT::emitSlow_op_jtrue):
2538         * jit/JITStubCall.h:
2539         (JITStubCall):
2540         (JSC::JITStubCall::addArgument):
2541         * yarr/YarrJIT.cpp:
2542         (JSC::Yarr::YarrGenerator::backtrack):
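
As an added illustration of the Imm32/TrustedImm32 split and XOR blinding this entry describes (example code, not JSC's own; the blinding threshold, the fixed-seed RNG, the zero/equal-key guard and the pseudo-instruction stream are assumptions of the sketch):

```cpp
#include <cstddef>
#include <cstdint>
#include <random>
#include <vector>

// Added illustration (not JSC's code) of the scheme described in the entry above:
// TrustedImm32 is a private base of Imm32, so the untrusted value is reachable
// only through an explicit accessor, and move(Imm32) never encodes it verbatim.

struct TrustedImm32 {
    explicit TrustedImm32(int32_t v) : value(v) {}
    int32_t value;
};

struct Imm32 : private TrustedImm32 {
    explicit Imm32(int32_t v) : TrustedImm32(v) {}
    // The only way to get at the raw value; a blinding-aware emitter calls this.
    // Because the base is private, an Imm32 cannot be passed where TrustedImm32 is expected.
    const TrustedImm32& asTrustedImm32() const { return *this; }
};

// One pseudo-instruction: "mov reg, imm" or "xor reg, imm".
struct Op {
    enum Kind { Mov, Xor } kind;
    int32_t imm;
};

struct ToyAssembler {
    std::vector<Op> ops;          // the emitted stream (only the immediates matter here)
    std::mt19937 rng{12345u};     // constructed, fixed seed; a real JIT seeds from a proper entropy source

    // Assumed heuristic, not JSC's: tiny constants carry no attacker-chosen bytes, so skip blinding.
    static bool shouldBlind(int32_t value) { return static_cast<uint32_t>(value) > 0xffu; }

    int32_t randomKey(int32_t value) {
        // Guard added for this sketch: a key of 0, or equal to the value, would put
        // the constant itself into the instruction stream.
        int32_t key;
        do { key = static_cast<int32_t>(rng()); } while (key == 0 || key == value);
        return key;
    }

    // Trusted path: the immediate is emitted as-is.
    void move(TrustedImm32 imm) { ops.push_back({Op::Mov, imm.value}); }
    void xor32(TrustedImm32 imm) { ops.push_back({Op::Xor, imm.value}); }

    // Untrusted path: emit (value ^ key) then xor with key. The register ends up
    // holding value, but neither immediate present in the code equals value.
    void move(Imm32 imm) {
        int32_t value = imm.asTrustedImm32().value;
        if (!shouldBlind(value)) { move(TrustedImm32(value)); return; }
        int32_t key = randomKey(value);
        move(TrustedImm32(value ^ key));
        xor32(TrustedImm32(key));
    }
};

std::vector<Op> emitUntrustedMove(int32_t untrusted) {
    ToyAssembler masm;
    masm.move(Imm32(untrusted));
    return masm.ops;
}

// True when no immediate in the emitted stream equals the untrusted constant.
bool constantHidden(int32_t untrusted) {
    for (const Op& op : emitUntrustedMove(untrusted))
        if (op.imm == untrusted) return false;
    return true;
}

// Execute the pseudo-instructions on a single register and return its final value,
// showing that blinding preserves the semantics of the move.
int32_t executeMove(int32_t untrusted) {
    int32_t reg = 0;
    for (const Op& op : emitUntrustedMove(untrusted))
        reg = (op.kind == Op::Mov) ? op.imm : (reg ^ op.imm);
    return reg;
}

size_t emittedOpCount(int32_t untrusted) { return emitUntrustedMove(untrusted).size(); }
```

The type split is what makes the scheme robust: a call site that only accepts TrustedImm32 will not compile if handed an Imm32, so an untrusted constant cannot silently reach a non-blinding emitter.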
2543
2544 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
2545
2546         putByIndex should throw in strict mode
2547         https://bugs.webkit.org/show_bug.cgi?id=80335
2548
2549         Reviewed by Filip Pizlo.
2550
2551         We'll need to pass an additional parameter.
2552
2553         Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
2554         to match the method in the MethodTable, make this take a parameter indicating
2555         whether the put should throw. This fixes the cases where the base of the put
2556         is a primitive.
2557
2558         * dfg/DFGOperations.cpp:
2559         (DFG):
2560         (JSC::DFG::putByVal):
2561         (JSC::DFG::operationPutByValInternal):
2562         * interpreter/Interpreter.cpp:
2563         (JSC::Interpreter::execute):
2564         (JSC::Interpreter::privateExecute):
2565         * jit/JITStubs.cpp:
2566         (JSC::DEFINE_STUB_FUNCTION):
2567         * llint/LLIntSlowPaths.cpp:
2568         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2569         * runtime/JSObject.h:
2570         (JSC::JSValue::putByIndex):
2571         * runtime/JSValue.cpp:
2572         (JSC):
2573         * runtime/JSValue.h:
2574         (JSValue):
2575
2576 2012-03-05  Sam Weinig  <sam@webkit.org>
2577
2578         Add support for hosting layers in the window server in WebKit2
2579         <rdar://problem/10400246>
2580         https://bugs.webkit.org/show_bug.cgi?id=80310
2581
2582         Reviewed by Anders Carlsson.
2583
2584         * wtf/Platform.h:
2585         Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER.
2586
2587 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
2588
2589         Unreviewed, attempted build fix for !ENABLE(JIT) after r109705.
2590
2591         * bytecode/ExecutionCounter.cpp:
2592         (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
2593         * bytecode/ExecutionCounter.h:
2594
2595 2012-03-05  Patrick Gansterer  <paroga@webkit.org>
2596
2597         Unreviewed. Build fix for !ENABLE(JIT) after r109705.
2598
2599         * bytecode/ExecutionCounter.cpp:
2600         * bytecode/ExecutionCounter.h:
2601
2602 2012-03-05  Andy Wingo  <wingo@igalia.com>
2603
2604         Lexer: Specialize character predicates for LChar, UChar
2605         https://bugs.webkit.org/show_bug.cgi?id=79677
2606
2607         Reviewed by Oliver Hunt.
2608
2609         This patch specializes isIdentStart, isIdentPart, isWhiteSpace,
2610         and isLineTerminator to perform a more limited number of checks if
2611         the lexer is being instantiated to work on LChar sequences.  This
2612         is about a 1.5% win on the --parse-only suite, here.
2613
2614         * parser/Lexer.cpp:
2615         (JSC::isLatin1): New static helper, specialized for LChar and
2616         UChar.
2617         (JSC::typesOfLatin1Characters): Rename from
2618         typesOfASCIICharacters, and expand to the range of the LChar
2619         type.  All uses of isASCII are changed to use isLatin1.  Generated
2620         using libunistring.
2621         (JSC::isNonLatin1IdentStart):
2622         (JSC::isIdentStart):
2623         (JSC::isNonLatin1IdentPart):
2624         (JSC::isIdentPart):
2625         (JSC::Lexer::shiftLineTerminator):
2626         (JSC::Lexer::parseIdentifier):
2627         (JSC::Lexer::parseIdentifierSlowCase):
2628         (JSC::Lexer::parseStringSlowCase):
2629         (JSC::Lexer::parseMultilineComment):
2630         (JSC::Lexer::lex):
2631         (JSC::Lexer::scanRegExp):
2632         (JSC::Lexer::skipRegExp): Sprinkle static_cast<T>(_) around.
2633         * parser/Lexer.h:
2634         (JSC::Lexer::isWhiteSpace):
2635         (JSC::Lexer::isLineTerminator):
2636         * KeywordLookupGenerator.py:
2637         (Trie.printAsC): Declare specialized isIdentPart static functions.
2638
2639 2012-03-05  Carlos Garcia Campos  <cgarcia@igalia.com>
2640
2641         Unreviewed. Fix make distcheck.
2642
2643         * GNUmakefile.list.am: Add missing header file.
2644
2645 2012-03-05  Andy Wingo  <wingo@igalia.com>
2646
2647         WTF: Micro-optimize cleanup of empty vectors and hash tables
2648         https://bugs.webkit.org/show_bug.cgi?id=79903
2649
2650         Reviewed by Michael Saboff and Geoffrey Garen.
2651
2652         This patch speeds up cleanup of vectors and hash tables whose
2653         backing store was never allocated.  This is the case by default
2654         for most vectors / hash tables that never had any entries added.
2655
2656         The result for me is that calling checkSyntax 1000 times on
2657         concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a
2658         2.4% speedup.
2659
2660         * wtf/HashTable.h:
2661         (WTF::HashTable::~HashTable):
2662         (WTF::::clear): Don't deallocate the storage or frob member
2663         variables if there is no backing storage.
2664         * wtf/Vector.h:
2665         (WTF::VectorBufferBase::deallocateBuffer): Likewise.
2666
2667 2012-03-04  Filip Pizlo  <fpizlo@apple.com>
2668
2669         JIT heuristics should be hyperbolic
2670         https://bugs.webkit.org/show_bug.cgi?id=80055
2671         <rdar://problem/10922260>
2672
2673         Reviewed by Oliver Hunt.
2674         
2675         Added tracking of the amount of executable memory typically used for a bytecode
2676         instruction. Modified the execution counter scheme to use this, and the amount
2677         of free memory, to determine how long to wait before invoking the JIT.
2678         
2679         The result is that even if we bomb the VM with more code than can fit in our
2680         executable memory pool, we still keep running and almost never run out of
2681         executable memory - which ensures that if we have to JIT something critical, then
2682         we'll likely have enough memory to do so. This also does not regress performance
2683         on the three main benchmarks.
2684         
2685         * CMakeLists.txt:
2686         * GNUmakefile.list.am:
2687         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2688         * JavaScriptCore.xcodeproj/project.pbxproj:
2689         * Target.pri:
2690         * bytecode/CodeBlock.cpp:
2691         (JSC::CodeBlock::predictedMachineCodeSize):
2692         (JSC):
2693         (JSC::CodeBlock::usesOpcode):
2694         * bytecode/CodeBlock.h:
2695         (CodeBlock):
2696         (JSC::CodeBlock::checkIfJITThresholdReached):
2697         (JSC::CodeBlock::dontJITAnytimeSoon):
2698         (JSC::CodeBlock::jitAfterWarmUp):
2699         (JSC::CodeBlock::jitSoon):
2700         (JSC::CodeBlock::llintExecuteCounter):
2701         (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
2702         (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
2703         (JSC::CodeBlock::addressOfJITExecuteCounter):
2704         (JSC::CodeBlock::offsetOfJITExecuteCounter):
2705         (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold):
2706         (JSC::CodeBlock::offsetOfJITExecutionTotalCount):
2707         (JSC::CodeBlock::jitExecuteCounter):
2708         (JSC::CodeBlock::checkIfOptimizationThresholdReached):
2709         (JSC::CodeBlock::optimizeNextInvocation):
2710         (JSC::CodeBlock::dontOptimizeAnytimeSoon):
2711         (JSC::CodeBlock::optimizeAfterWarmUp):
2712         (JSC::CodeBlock::optimizeAfterLongWarmUp):
2713         (JSC::CodeBlock::optimizeSoon):
2714         * bytecode/ExecutionCounter.cpp: Added.
2715         (JSC):
2716         (JSC::ExecutionCounter::ExecutionCounter):
2717         (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet):
2718         (JSC::ExecutionCounter::setNewThreshold):
2719         (JSC::ExecutionCounter::deferIndefinitely):
2720         (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
2721         (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt):
2722         (JSC::ExecutionCounter::hasCrossedThreshold):
2723         (JSC::ExecutionCounter::setThreshold):
2724         (JSC::ExecutionCounter::reset):
2725         * bytecode/ExecutionCounter.h: Added.
2726         (JSC):
2727         (ExecutionCounter):
2728         (JSC::ExecutionCounter::formattedTotalCount):
2729         * dfg/DFGOSRExitCompiler32_64.cpp:
2730         (JSC::DFG::OSRExitCompiler::compileExit):
2731         * dfg/DFGOSRExitCompiler64.cpp:
2732         (JSC::DFG::OSRExitCompiler::compileExit):
2733         * jit/ExecutableAllocator.cpp:
2734         (JSC::DemandExecutableAllocator::allocateNewSpace):
2735         (JSC::ExecutableAllocator::underMemoryPressure):
2736         (JSC):
2737         (JSC::ExecutableAllocator::memoryPressureMultiplier):
2738         * jit/ExecutableAllocator.h:
2739         * jit/ExecutableAllocatorFixedVMPool.cpp:
2740         (JSC::ExecutableAllocator::memoryPressureMultiplier):
2741         (JSC):
2742         * jit/JIT.cpp:
2743         (JSC::JIT::privateCompile):
2744         * jit/JITStubs.cpp:
2745         (JSC::DEFINE_STUB_FUNCTION):
2746         * llint/LLIntSlowPaths.cpp:
2747         (JSC::LLInt::jitCompileAndSetHeuristics):
2748         * llint/LowLevelInterpreter32_64.asm:
2749         * runtime/JSGlobalData.h:
2750         (JSGlobalData):
2751         * runtime/Options.cpp:
2752         (Options):
2753         (JSC::Options::initializeOptions):
2754         * runtime/Options.h:
2755         (Options):
2756         * wtf/SimpleStats.h: Added.
2757         (WTF):
2758         (SimpleStats):
2759         (WTF::SimpleStats::SimpleStats):
2760         (WTF::SimpleStats::add):
2761         (WTF::SimpleStats::operator!):
2762         (WTF::SimpleStats::count):
2763         (WTF::SimpleStats::sum):
2764         (WTF::SimpleStats::sumOfSquares):
2765         (WTF::SimpleStats::mean):
2766         (WTF::SimpleStats::variance):
2767         (WTF::SimpleStats::standardDeviation):
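
A sketch of the memory-aware threshold this entry describes, added here and not JSC's code; the 1 / (1 - fraction used) multiplier, ToyExecutablePool and the deferral rule are assumptions made for the illustration:

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Added illustration (not JSC's code; the formula is an assumption) of the idea in the
// entry above: the compile threshold is scaled by a multiplier that grows hyperbolically
// as free executable memory shrinks, and a block whose predicted machine code would
// not fit in the remaining pool is deferred outright instead of exhausting the pool.

struct ToyExecutablePool {
    size_t capacity;
    size_t used;
    size_t freeBytes() const { return capacity > used ? capacity - used : 0; }

    // Assumed shape: 1 / (1 - fraction used). At 0% used the multiplier is 1,
    // at 50% it is 2, at 90% it is 10; it diverges as the pool fills.
    double memoryPressureMultiplier() const {
        double fraction = capacity ? static_cast<double>(used) / static_cast<double>(capacity) : 1.0;
        if (fraction >= 1.0) return std::numeric_limits<double>::infinity();
        return 1.0 / (1.0 - fraction);
    }
};

struct ToyExecutionCounter {
    int64_t count = 0;
    int64_t activeThreshold = 0;
    bool deferredIndefinitely = false;

    // Pick the threshold for one code block from its predicted size and current pressure.
    void setNewThreshold(int64_t baseThreshold, size_t predictedCodeSize, const ToyExecutablePool& pool) {
        const int64_t never = std::numeric_limits<int64_t>::max();
        if (predictedCodeSize > pool.freeBytes()) {
            deferredIndefinitely = true;      // it would not fit: keep interpreting
            activeThreshold = never;
            return;
        }
        double scaled = static_cast<double>(baseThreshold) * pool.memoryPressureMultiplier();
        activeThreshold = scaled >= static_cast<double>(never) ? never : static_cast<int64_t>(scaled);
        deferredIndefinitely = false;
    }

    // Called once per execution; true when the JIT should now be invoked.
    bool checkIfThresholdCrossedAndSet() { return ++count >= activeThreshold; }
};

// Number of executions before the JIT fires for the given pool state, or -1 when deferred.
int64_t executionsUntilJIT(int64_t base, size_t predictedSize, size_t capacity, size_t used) {
    ToyExecutablePool pool{capacity, used};
    ToyExecutionCounter counter;
    counter.setNewThreshold(base, predictedSize, pool);
    if (counter.deferredIndefinitely) return -1;
    for (int64_t i = 1; i <= counter.activeThreshold; ++i)
        if (counter.checkIfThresholdCrossedAndSet()) return i;
    return -1;
}
```

The effect is the one the entry claims: as the pool fills, the VM waits longer before spending executable memory on less hot code, so a burst of new code degrades to interpretation rather than leaving no room for something that genuinely needs compiling.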
2768
2769 2012-03-04  Raphael Kubo da Costa  <kubo@profusion.mobi>
2770
2771         [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64
2772         https://bugs.webkit.org/show_bug.cgi?id=71507
2773
2774         Reviewed by Antonio Gomes.
2775
2776         * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib".
2777
2778 2012-03-04  David Kilzer  <ddkilzer@apple.com>
2779
2780         Fix build when the classic interpreter is enabled
2781
2782         Reviewed by Gavin Barraclough.
2783
2784         Fixes the following build error when running the "Generate
2785         Derived Sources" build phase script:
2786
2787             offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
2788             ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
2789                     from JavaScriptCore/offlineasm/asm.rb:131
2790             Command /bin/sh failed with exit code 1
2791
2792         Gavin's fix in r109674 avoided the #error statement in
2793         JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
2794         caused the "Generate Derived Sources" build phase script to fail
2795         when JavaScriptCore/offlineasm/asm.rb was run.  The solution is
2796         to detect when the classic interpreter is being built and simply
2797         exit early from asm.rb in that case.
2798
2799         * llint/LLIntOffsetsExtractor.cpp:
2800         (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
2801         JIT is disabled.  Note that offsets.rb doesn't care about the
2802         return value here, but instead it cares about finding the magic
2803         values in the binary.  The magic values are no longer present
2804         when the JIT is disabled.
2805         * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
2806         early with a status message.
2807         * offlineasm/offsets.rb:
2808         (MissingMagicValuesException): Add new exception class.
2809         (offsetsAndConfigurationIndex): Throw
2810         MissingMagicValuesException when no magic values are found.
2811
2812 2012-03-04  Jurij Smakov  <jurij@wooyd.org>
2813
2814         SPARC also needs aligned accesses.
2815
2816         Rubber-stamped by Gustavo Noronha Silva.
2817
2818         * wtf/Platform.h:
2819
2820 2012-03-04  Gavin Barraclough  <barraclough@apple.com>
2821
2822         Unreviewed build fix.
2823
2824         * jit/JITStubs.h:
2825             - Move ENABLE(JIT) to head of file.
2826
2827 2012-03-03  Gavin Barraclough  <barraclough@apple.com>
2828
2829         Split JSArray's [[Put]] & [[DefineOwnProperty]] traps.
2830         https://bugs.webkit.org/show_bug.cgi?id=80217
2831
2832         Reviewed by Filip Pizlo.
2833
2834         putByIndex() provides similar behavior to put(), but for indexed property names.
2835         Many places in ArrayPrototype call putByIndex() where they really mean to call
2836         [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
2837         calling numeric accessors (& respecting numeric read only properties) on the
2838         prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
2839         putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
2840
2841         * runtime/ArrayPrototype.cpp:
2842         (JSC::arrayProtoFuncConcat):
2843         (JSC::arrayProtoFuncSlice):
2844         (JSC::arrayProtoFuncFilter):
2845         (JSC::arrayProtoFuncMap):
2846         * runtime/JSArray.cpp:
2847         (JSC):
2848         (JSC::reject):
2849         (JSC::SparseArrayValueMap::putDirect):
2850         (JSC::JSArray::defineOwnNumericProperty):
2851         (JSC::JSArray::putByIndexBeyondVectorLength):
2852         (JSC::JSArray::putDirectIndexBeyondVectorLength):
2853         * runtime/JSArray.h:
2854         (SparseArrayValueMap):
2855         (JSArray):
2856         (JSC::JSArray::putDirectIndex):
2857
2858 2012-03-03  Benjamin Poulain  <benjamin@webkit.org>
2859
2860         Implement the basis of KURLWTFURL
2861         https://bugs.webkit.org/show_bug.cgi?id=79600
2862
2863         Reviewed by Adam Barth.
2864
2865         Add an API to know if a ParsedURL is valid.
2866
2867         * wtf/url/api/ParsedURL.cpp:
2868         (WTF::ParsedURL::ParsedURL):
2869         (WTF):
2870         (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between threads
2871         and by KURL's detach() on write.
2872         (WTF::ParsedURL::baseAsString):
2873         (WTF::ParsedURL::segment):
2874         Add a stronger constraint on accessors: the client of this API should never ask for the segments
2875         on an invalid URL.
2876         * wtf/url/api/ParsedURL.h:
2877         (WTF):
2878         (WTF::ParsedURL::ParsedURL):
2879         (ParsedURL):
2880         (WTF::ParsedURL::isValid):
2881
2882 2012-03-03  Hans Wennborg  <hans@chromium.org>
2883
2884         Implement Speech JavaScript API
2885         https://bugs.webkit.org/show_bug.cgi?id=80019
2886
2887         Reviewed by Adam Barth.
2888
2889         Add ENABLE_SCRIPTED_SPEECH.
2890
2891         * Configurations/FeatureDefines.xcconfig:
2892
2893 2012-03-02  Filip Pizlo  <fpizlo@apple.com>
2894
2895         When getting the line number of a call into a call frame with no code block, it's
2896         incorrect to rely on the returnPC
2897         https://bugs.webkit.org/show_bug.cgi?id=80195
2898
2899         Reviewed by Oliver Hunt.
2900
2901         * interpreter/Interpreter.cpp:
2902         (JSC::getCallerInfo):
2903         * jit/JITCall.cpp:
2904         (JSC::JIT::compileLoadVarargs):
2905
2906 2012-03-02  Han Hojong  <hojong.han@samsung.com>
2907
2908         Expected results updated for checking type conversion
2909         https://bugs.webkit.org/show_bug.cgi?id=80138
2910
2911         Reviewed by Gavin Barraclough.
2912
2913         * tests/mozilla/ecma/TypeConversion/9.3.1-3.js:
2914
2915 2012-03-02  Kenichi Ishibashi  <bashi@chromium.org>
2916
2917         Adding WebSocket per-frame DEFLATE extension
2918         https://bugs.webkit.org/show_bug.cgi?id=77522
2919
2920         Added USE(ZLIB) flag.
2921
2922         Reviewed by Kent Tamura.
2923
2924         * wtf/Platform.h:
2925
2926 2012-03-02  Filip Pizlo  <fpizlo@apple.com>
2927
2928         Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
2929
2930         * bytecode/CodeBlock.cpp:
2931         (JSC::CodeBlock::visitAggregate):
2932
2933 2012-03-01  Filip Pizlo  <fpizlo@apple.com>
2934
2935         DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
2936         virtue of being in the transitive closure
2937         https://bugs.webkit.org/show_bug.cgi?id=80098
2938  
2939         Reviewed by Anders Carlsson.
2940         
2941         If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
2942         then you might have the visitAggregate() method called concurrently by multiple threads.
2943         This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
2944         racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
2945         due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
2946         
2947         It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
2948         not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
2949         any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
2950         Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
2951         don't lead to two threads racing over each other as they clobber state. This patch
2952         achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
2953         trivially linearizable) will get to trace the CodeBlock; all other threads give up and
2954         go home.
2955         
2956         Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
2957         times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
2958         even when it's gotten sufficient counts. But that takes a while - sometimes up to a
2959         minute to get a crash. I have no other reliable repro case.
2960
2961         * bytecode/CodeBlock.cpp:
2962         (JSC::CodeBlock::visitAggregate):
2963         * bytecode/CodeBlock.h:
2964         (DFGData):
2965         * heap/DFGCodeBlocks.cpp:
2966         (JSC::DFGCodeBlocks::clearMarks):
2967
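The entry above describes the fix in prose only: concurrent callers of CodeBlock::visitAggregate() race on a CAS, the winner traces and the losers return. The following is an added, self-contained illustration of that guard and is not JavaScriptCore code; the names TracedBlock, tryClaimForTracing and the epoch counter are assumptions made for the example, standing in for whatever per-CodeBlock mark state the real patch uses.

```cpp
#include <atomic>
#include <cstdint>
#include <thread>
#include <vector>

// Added example, not JavaScriptCore code. Models the "whichever thread wins
// the CAS traces the block, everyone else goes home" guard described in the
// ChangeLog entry for bug 80098. TracedBlock, tryClaimForTracing and the
// epoch counter are hypothetical names chosen for this illustration.

struct TracedBlock {
    // GC epoch in which this block was last claimed for tracing.
    std::atomic<uint32_t> lastTracedEpoch{0};
    // How many threads actually ran the tracing body; must be 1 per epoch.
    std::atomic<int> traceBodyRuns{0};
    // Two plain 32-bit words standing in for a ValueProfile bucket that must
    // only ever be updated by one thread (word tearing is the failure mode).
    uint32_t bucketLo = 0;
    uint32_t bucketHi = 0;
};

// Returns true iff the calling thread won the right to trace `block` in
// `epoch`. A thread loses when lastTracedEpoch already equals `epoch`,
// i.e. some other thread's CAS landed first.
bool tryClaimForTracing(TracedBlock& block, uint32_t epoch) {
    uint32_t seen = block.lastTracedEpoch.load(std::memory_order_acquire);
    for (;;) {
        if (seen == epoch)
            return false; // already claimed for this epoch: give up
        if (block.lastTracedEpoch.compare_exchange_weak(
                seen, epoch, std::memory_order_acq_rel, std::memory_order_acquire))
            return true;  // our CAS won the race
        // CAS failed (or failed spuriously): `seen` now holds the current
        // value, so loop and re-check against `epoch`.
    }
}

// Stand-in for CodeBlock::visitAggregate(): the CAS guard runs first, and
// the non-atomic profile state is touched only by the single winner.
void visitAggregate(TracedBlock& block, uint32_t epoch) {
    if (!tryClaimForTracing(block, epoch))
        return;
    block.traceBodyRuns.fetch_add(1, std::memory_order_relaxed);
    block.bucketLo += 1;
    block.bucketHi += 1;
}

// Spawns `threadCount` threads that all try to trace the same block in one
// epoch and returns how many of them executed the tracing body. With the
// guard in place this is always exactly 1.
int concurrentTraceCount(int threadCount, uint32_t epoch) {
    TracedBlock block;
    std::vector<std::thread> threads;
    for (int i = 0; i < threadCount; ++i)
        threads.emplace_back([&block, epoch] { visitAggregate(block, epoch); });
    for (auto& t : threads)
        t.join();
    return block.traceBodyRuns.load(std::memory_order_relaxed);
}
```

The epoch argument is what lets the same block be traced again in a later collection: a new epoch value makes the first CAS of the next GC succeed again, while any second caller within one GC sees the already-stored epoch and backs off without touching the profile words.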
2968 2012-03-01  Filip Pizlo  <fpizlo@apple.com>
2969
2970         The JIT should not crash the entire process just because there is not enough executable
2971         memory, if the LLInt is enabled
2972         https://bugs.webkit.org/show_bug.cgi?id=79962
2973
2974         Reviewed by Csaba Osztrogonác.
2975         
2976         Fix for ARM, SH4.
2977
2978         * assembler/AssemblerBufferWithConstantPool.h:
2979         (JSC::AssemblerBufferWithConstantPool::executableCopy):
2980
2981 2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
2982
2983         Revert my change. Broke builds.
2984         Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)'
2985         Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i
2986
2987         * wtf/Atomics.h:
2988         (WTF):
2989         (WTF::weakCompareAndSwap):
2990
2991 2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
2992
2993         Gcc build fix.
2994
2995         Rubber-stamped by Filip Pizlo.
2996
2997         * wtf/Atomics.h:
2998         (WTF):
2999         (WTF::weakCompareAndSwap):
3000
3001 2012-03-01  Gavin Barraclough  <barraclough@apple.com>
3002
3003         ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
3004         https://bugs.webkit.org/show_bug.cgi?id=80011
3005
3006         Reviewed by Oliver Hunt.
3007
3008         Also, fix getting the caller from within a bound function, or within a getter
3009         or setter (make our implementation match other browsers).
3010
3011         * interpreter/Interpreter.cpp:
3012         (JSC::getCallerInfo):
3013             - Allow this to get the caller of host functions.
3014         (JSC::Interpreter::retrieveCallerFromVMCode):
3015             - This should use getCallerInfo, and should skip over function bindings.
3016         * runtime/JSFunction.cpp:
3017         (JSC::JSFunction::callerGetter):
3018             - This should never return a strict-mode function.
3019
3020 2012-03-01  Yuqiang Xian  <yuqiang.xian@intel.com>
3021
3022         DFG local CSE for a node can be terminated earlier
3023         https://bugs.webkit.org/show_bug.cgi?id=80014
3024
3025         Reviewed by Filip Pizlo.
3026
3027         When one of the node's children is met in the process of back traversing
3028         the nodes, we don't need to traverse the remaining nodes.
3029         This is performance neutral on SunSpider, V8 and Kraken.
3030
3031         * dfg/DFGCSEPhase.cpp:
3032         (JSC::DFG::CSEPhase::pureCSE):
3033         (JSC::DFG::CSEPhase::impureCSE):
3034         (JSC::DFG::CSEPhase::getByValLoadElimination):
3035         (JSC::DFG::CSEPhase::checkFunctionElimination):
3036         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
3037         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
3038         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
3039         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
3040
3041 2012-02-29  Yuqiang Xian  <yuqiang.xian@intel.com>
3042
3043         DFG BasicBlocks should not require that their nodes have continuous indices in the graph
3044         https://bugs.webkit.org/show_bug.cgi?id=79899
3045
3046         Reviewed by Filip Pizlo.
3047
3048         This will make it more convenient to insert nodes into the DFG.
3049         With this capability we now place the Phi nodes in the corresponding
3050         blocks.
3051         Local CSE is modified to not rely on the assumption of continuous
3052         node indices in a block.
3053         This is performance neutral on SunSpider, V8 and Kraken.
3054
3055         * dfg/DFGAbstractState.cpp:
3056         (JSC::DFG::AbstractState::AbstractState):
3057         (JSC::DFG::AbstractState::beginBasicBlock):
3058         (JSC::DFG::AbstractState::execute):
3059         (JSC::DFG::AbstractState::clobberStructures):
3060         (JSC::DFG::AbstractState::mergeToSuccessors):
3061         (JSC::DFG::AbstractState::dump):
3062         * dfg/DFGAbstractState.h:
3063         (JSC::DFG::AbstractState::forNode):
3064         (AbstractState):
3065         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
3066         (ArithNodeFlagsInferencePhase):
3067         * dfg/DFGBasicBlock.h:
3068         (JSC::DFG::BasicBlock::BasicBlock):
3069         (BasicBlock):
3070         * dfg/DFGByteCodeParser.cpp:
3071         (JSC::DFG::ByteCodeParser::addToGraph):
3072         (ByteCodeParser):
3073         (JSC::DFG::ByteCodeParser::insertPhiNode):
3074         (JSC::DFG::ByteCodeParser::handleInlining):
3075         (JSC::DFG::ByteCodeParser::parseBlock):
3076         (JSC::DFG::ByteCodeParser::processPhiStack):
3077         (JSC::DFG::ByteCodeParser::linkBlock):
3078         (JSC::DFG::ByteCodeParser::determineReachability):
3079         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3080         * dfg/DFGCFAPhase.cpp:
3081         (JSC::DFG::CFAPhase::performBlockCFA):
3082         (CFAPhase):
3083         * dfg/DFGCSEPhase.cpp:
3084         (JSC::DFG::CSEPhase::CSEPhase):
3085         (JSC::DFG::CSEPhase::endIndexForPureCSE):
3086         (JSC::DFG::CSEPhase::pureCSE):
3087         (JSC::DFG::CSEPhase::impureCSE):
3088         (JSC::DFG::CSEPhase::globalVarLoadElimination):
3089         (JSC::DFG::CSEPhase::getByValLoadElimination):
3090         (JSC::DFG::CSEPhase::checkFunctionElimination):
3091         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
3092         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
3093         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
3094         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
3095         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
3096         (JSC::DFG::CSEPhase::performNodeCSE):
3097         (JSC::DFG::CSEPhase::performBlockCSE):
3098         (CSEPhase):
3099         * dfg/DFGGraph.cpp:
3100         (JSC::DFG::Graph::dump):
3101         * dfg/DFGPhase.cpp:
3102         (JSC::DFG::Phase::beginPhase):
3103         * dfg/DFGSpeculativeJIT.cpp:
3104         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
3105         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
3106         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
3107         (JSC::DFG::SpeculativeJIT::compile):
3108         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
3109         (JSC::DFG::SpeculativeJIT::compileStrictEq):
3110         * dfg/DFGSpeculativeJIT.h:
3111         (SpeculativeJIT):
3112         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
3113         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
3114         * dfg/DFGSpeculativeJIT32_64.cpp:
3115         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
3116         * dfg/DFGSpeculativeJIT64.cpp:
3117         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
3118         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
3119         (JSC::DFG::VirtualRegisterAllocationPhase::run):
3120
3121 2012-02-29  Filip Pizlo  <fpizlo@apple.com>
3122
3123         The JIT should not crash the entire process just because there is not
3124         enough executable memory, if the LLInt is enabled
3125         https://bugs.webkit.org/show_bug.cgi?id=79962
3126         <rdar://problem/10922215>
3127
3128         Unreviewed, adding forgotten file.
3129
3130         * jit/JITCompilationEffort.h: Added.
3131         (JSC):
3132
3133 2012-02-29  Filip Pizlo  <fpizlo@apple.com>
3134
3135         The JIT should not crash the entire process just because there is not
3136         enough executable memory, if the LLInt is enabled
3137         https://bugs.webkit.org/show_bug.cgi?id=79962
3138         <rdar://problem/10922215>
3139
3140         Reviewed by Gavin Barraclough.
3141         
3142         Added the notion of JITCompilationEffort. If we're JIT'ing as a result of
3143         a tier-up, then we set it to JITCompilationCanFail. Otherwise it's
3144         JITCompilationMustSucceed. This preserves the old behavior if LLInt is
3145         disabled or if we're compiling something that can't be interpreted (like
3146         an OSR exit stub).
3147
3148         * JavaScriptCore.xcodeproj/project.pbxproj:
3149         * assembler/ARMAssembler.cpp:
3150         (JSC::ARMAssembler::executableCopy):
3151         * assembler/ARMAssembler.h:
3152         (ARMAssembler):
3153         * assembler/AssemblerBuffer.h:
3154         (JSC::AssemblerBuffer::executableCopy):
3155         * assembler/LinkBuffer.h:
3156         (JSC::LinkBuffer::LinkBuffer):
3157         (JSC::LinkBuffer::~LinkBuffer):
3158         (LinkBuffer):
3159         (JSC::LinkBuffer::didFailToAllocate):
3160         (JSC::LinkBuffer::isValid):
3161         (JSC::LinkBuffer::linkCode):
3162         (JSC::LinkBuffer::performFinalization):
3163         * assembler/MIPSAssembler.h:
3164         (JSC::MIPSAssembler::executableCopy):
3165         * assembler/SH4Assembler.h:
3166         (JSC::SH4Assembler::executableCopy):
3167         * assembler/X86Assembler.h:
3168         (JSC::X86Assembler::executableCopy):
3169         (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
3170         * bytecode/CodeBlock.cpp:
3171         (JSC::ProgramCodeBlock::jitCompileImpl):
3172         (JSC::EvalCodeBlock::jitCompileImpl):
3173         (JSC::FunctionCodeBlock::jitCompileImpl):
3174         * bytecode/CodeBlock.h:
3175         (JSC::CodeBlock::jitCompile):
3176         (CodeBlock):
3177         (ProgramCodeBlock):
3178         (EvalCodeBlock):
3179         (FunctionCodeBlock):
3180         * dfg/DFGDriver.cpp:
3181         (JSC::DFG::compile):
3182         * dfg/DFGJITCompiler.cpp:
3183         (JSC::DFG::JITCompiler::compile):
3184         (JSC::DFG::JITCompiler::compileFunction):
3185         * dfg/DFGJITCompiler.h:
3186         (JITCompiler):
3187         * jit/ExecutableAllocator.cpp:
3188         (JSC::DemandExecutableAllocator::allocateNewSpace):
3189         (JSC::ExecutableAllocator::allocate):
3190         * jit/ExecutableAllocator.h:
3191         (ExecutableAllocator):
3192         * jit/ExecutableAllocatorFixedVMPool.cpp:
3193         (JSC::ExecutableAllocator::allocate):
3194         * jit/JIT.cpp:
3195         (JSC::JIT::privateCompile):
3196         * jit/JIT.h:
3197         (JSC::JIT::compile):
3198         (JIT):
3199         * jit/JITCompilationEffort.h: Added.
3200         (JSC):
3201         * jit/JITDriver.h:
3202         (JSC::jitCompileIfAppropriate):
3203         (JSC::jitCompileFunctionIfAppropriate):
3204         * llint/LLIntSlowPaths.cpp:
3205         (LLInt):
3206         (JSC::LLInt::jitCompileAndSetHeuristics):
3207         (JSC::LLInt::entryOSR):
3208         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3209         * runtime/Executable.cpp:
3210         (JSC::EvalExecutable::jitCompile):
3211         (JSC::ProgramExecutable::jitCompile):
3212         (JSC::FunctionExecutable::jitCompileForCall):
3213         (JSC::FunctionExecutable::jitCompileForConstruct):
3214         * runtime/Executable.h:
3215         (EvalExecutable):
3216         (ProgramExecutable):
3217         (FunctionExecutable):
3218         (JSC::FunctionExecutable::jitCompileFor):
3219         * runtime/ExecutionHarness.h:
3220         (JSC::prepareForExecution):
3221         (JSC::prepareFunctionForExecution):
3222
3223 2012-02-29  No'am Rosenthal  <noam.rosenthal@nokia.com>
3224
3225         [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy]
3226         https://bugs.webkit.org/show_bug.cgi?id=79501
3227
3228         Enable WTF_USE_UI_SIDE_COMPOSITING for Qt.
3229
3230         Reviewed by Kenneth Rohde Christiansen.
3231
3232         * wtf/Platform.h:
3233
3234 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
3235
3236         Rubber stamped by Oliver Hunt.
3237
3238         * tests/mozilla/ecma_2/RegExp/constructor-001.js:
3239         * tests/mozilla/ecma_2/RegExp/function-001.js:
3240         * tests/mozilla/ecma_2/RegExp/properties-001.js:
3241             - Check in new test cases results.
3242
3243 2012-02-29  Mark Rowe  <mrowe@apple.com>
3244
3245         Stop installing JSCLLIntOffsetsExtractor.
3246
3247         Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file
3248         that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor.
3249         This has the result of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor.
3250
3251         While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value
3252         for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is
3253         to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That
3254         allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too!
3255
3256         Reviewed by Filip Pizlo.
3257
3258         * Configurations/TestRegExp.xcconfig: Removed.
3259         * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig.
3260         * JavaScriptCore.xcodeproj/project.pbxproj:
3261
3262 2012-02-28  Filip Pizlo  <fpizlo@apple.com>
3263
3264         RefCounted::deprecatedTurnOffVerifier() should not be deprecated
3265         https://bugs.webkit.org/show_bug.cgi?id=79864
3266
3267         Reviewed by Oliver Hunt.
3268         
3269         Removed the word "deprecated" from the name of this method, since this method
3270         should not be deprecated. It works just fine as it is, and there is simply no
3271         alternative to calling this method for many interesting JSC classes.
3272
3273         * parser/SourceProvider.h:
3274         (JSC::SourceProvider::SourceProvider):
3275         * runtime/SymbolTable.h:
3276         (JSC::SharedSymbolTable::SharedSymbolTable):
3277         * wtf/MetaAllocator.cpp:
3278         (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
3279         (WTF::MetaAllocator::allocate):
3280         * wtf/RefCounted.h:
3281         (RefCountedBase):
3282         (WTF::RefCountedBase::turnOffVerifier):
3283
3284 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
3285
3286         'source' property of RegExp instance cannot be ""
3287         https://bugs.webkit.org/show_bug.cgi?id=79938
3288
3289         Reviewed by Oliver Hunt.
3290
3291         15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/',
3292         and also states that the result must be a valid RegularExpressionLiteral. '//' is
3293         not a valid RegularExpressionLiteral (since it is a single line comment), and hence
3294         source cannot ever validly be "". If the source is empty, return a different Pattern
3295         that would match the same thing.
3296
3297         * runtime/RegExpObject.cpp:
3298         (JSC::regExpObjectSource):
3299             - Do not return "" if the source is empty, this would lead to invalid behaviour in toString.
3300         * runtime/RegExpPrototype.cpp:
3301         (JSC::regExpProtoFuncToString):
3302             - No need to special case the empty string - this should be being done by 'source'.
3303
3304 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
3305
3306         Writable attribute not set correctly when redefining an accessor to a data descriptor
3307         https://bugs.webkit.org/show_bug.cgi?id=79931
3308
3309         Reviewed by Oliver Hunt.
3310
3311         * runtime/JSObject.cpp:
3312         (JSC::JSObject::defineOwnProperty):
3313             - use attributesOverridingCurrent instead of attributesWithOverride.
3314         * runtime/PropertyDescriptor.cpp:
3315         * runtime/PropertyDescriptor.h:
3316             - remove attributesWithOverride - attributesOverridingCurrent does the same thing.
3317
3318 2012-02-29  Kevin Ollivier  <kevino@theolliviers.com>
3319
3320         Add JSCore symbol exports needed by wx port
3321         https://bugs.webkit.org/show_bug.cgi?id=77280
3322
3323         Reviewed by Hajime Morita.
3324
3325         * wtf/ArrayBufferView.h:
3326         * wtf/ExportMacros.h:
3327
3328 2012-02-28  Raphael Kubo da Costa  <kubo@profusion.mobi>
3329
3330         [CMake] Always build wtf as a static library.
3331         https://bugs.webkit.org/show_bug.cgi?id=79857
3332
3333         Reviewed by Eric Seidel.
3334
3335         To help the efforts in bug 75673 to move WTF out of
3336         JavaScriptCore, act more like the other ports and remove the
3337         possibility of building WTF as a shared library.
3338
3339         It does not make much sense to, for example, ship WTF as a
3340         separate .so with webkit-efl packages, and it should be small
3341         enough not to cause problems during linking.
3342
3343         * wtf/CMakeLists.txt:
3344
3345 2012-02-28  Dmitry Lomov  <dslomov@google.com>
3346
3347         [JSC] Implement ArrayBuffer transfer
3348         https://bugs.webkit.org/show_bug.cgi?id=73493.
3349         Implement ArrayBuffer transfer, per Khronos spec:  http://www.khronos.org/registry/typedarray/specs/latest/#9.
3350         This brings parity with V8 implementation of transferable typed arrays.
3351
3352         Reviewed by Oliver Hunt.
3353
3354         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export.
3355         * wtf/ArrayBuffer.h:
3356         (ArrayBuffer): Added extra export.
3357
3358 2012-02-28  Kevin Ollivier  <kevino@theolliviers.com>
3359
3360         [wx] Unreviewed. Build fix after recent LLInt additions.
3361         
3362         * wscript:
3363
3364 2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
3365
3366         Refactor SpeculativeJIT::emitAllocateJSFinalObject
3367         https://bugs.webkit.org/show_bug.cgi?id=79801
3368
3369         Reviewed by Filip Pizlo.
3370
3371         * dfg/DFGSpeculativeJIT.h:
3372         (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this
3373         function, which is more generic in that it can allocate a variety of classes.
3374         (SpeculativeJIT):
3375         (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function.
3376
3377 2012-02-28  Gavin Barraclough  <barraclough@apple.com>
3378
3379         [[Get]]/[[Put]] for primitives should not wrap on strict accessor call
3380         https://bugs.webkit.org/show_bug.cgi?id=79588
3381
3382         Reviewed by Oliver Hunt.
3383
3384         In the case of [[Get]], this is a pretty trivial bug - just don't wrap
3385         primitives at the point you call a getter.
3386
3387         For setters, this is a little more involved, since we have already wrapped
3388         the value up in a synthesized object. Stop doing so. There is also a further
3389         subtlety, that in strict mode all attempts to create a new data property on
3390         the object should throw.
3391
3392         * runtime/JSCell.cpp:
3393         (JSC::JSCell::put):
3394             - [[Put]] to a string primitive should use JSValue::putToPrimitive.
3395         * runtime/JSObject.cpp:
3396         (JSC::JSObject::put):
3397             - Remove static function called in one place.
3398         * runtime/JSObject.h:
3399         (JSC::JSValue::put):
3400             - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive.
3401         * runtime/JSValue.cpp:
3402         (JSC::JSValue::synthesizePrototype):
3403             - Add support for synthesizing the prototype of strings.
3404         (JSC::JSValue::putToPrimitive):
3405             - Added, implements [[Put]] for primitive bases, per 8.7.2.
3406         * runtime/JSValue.h:
3407         (JSValue):
3408             - Add declaration for JSValue::putToPrimitive.
3409         * runtime/PropertySlot.cpp:
3410         (JSC::PropertySlot::functionGetter):
3411             - Don't call ToObject on primitive this values.
3412
3413 2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
3414
3415         Re-enable parallel GC on Mac
3416         https://bugs.webkit.org/show_bug.cgi?id=79837
3417
3418         Rubber stamped by Filip Pizlo.
3419
3420         * runtime/Options.cpp:
3421         (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line,
3422         so we removed it and things should go back to normal.
3423
3424 2012-02-28  Filip Pizlo  <fpizlo@apple.com>
3425
3426         Some run-javascriptcore-tests broken for 32-bit debug
3427         https://bugs.webkit.org/show_bug.cgi?id=79844
3428
3429         Rubber stamped by Oliver Hunt.
3430         
3431         These assertions are just plain wrong for 32-bit. We could either have a massive
3432         assertion that depends on value representation, that has to be changed every
3433         time we change the JITs, resulting in a bug tail of debug-mode crashes, or we